Friday, October 22, 2010

Beware Road Warriors! WPA2 Honeypot APs Might Haunt You.

Did you know that security-enabled honeypot APs are also possible? If not, you should read this. Wireless clients configured to connect to WEP-secured WiFi networks can be attacked even when they are roaming thousands of miles away from their trusted WiFi networks. Recall how WEP cracking is done. One option is to passively sniff and collect enough WEP-encrypted data traffic. An active attack on a WEP-encrypted WiFi network is also possible: it requires the presence of a wireless client and an AP, plus one encrypted ARP frame from the client to the AP. The attacker can replay this frame to generate more encrypted data traffic. Once a sufficient amount of data traffic has been collected, the aircrack-ng tool can be used to crack the WEP key. But in the Caffe Latte attack, researchers have shown that the WEP key can still be cracked even if the client is not connected to any AP and is far away from its trusted WiFi network.

Now, you might think you need not worry about this: you do not use WEP anyway, and your wireless device is configured to connect to a WPA-PSK or WPA2-PSK based WiFi network. Then here is bad news for you. The author of the most popular open source WiFi cracking software has presented on PSK cracking at UNAM, Mexico. His talk can be downloaded from here. According to him, older versions of the aircrack-ng tool needed all four frames of the 4-way handshake to launch a dictionary attack against the PSK. But the latest version of aircrack-ng has been enhanced and now requires only any two consecutive frames of the handshake to launch the attack.

Does this mean a PSK-enabled WiFi honeypot AP can be planted to lure WiFi clients which have connected to such WiFi networks in the past? The answer is yes. If you look at the 4-way handshake in the figure above, the WiFi client device is first authenticated by the AP. The AP sends a 256-bit random number called the ANonce to challenge the client. The client responds to the challenge by generating a MIC using the Pairwise Transient Key (PTK). PTK generation requires knowledge of the passphrase, SSID, ANonce and SNonce. The SNonce is also a 256-bit random number, generated by the client device to challenge the AP.

An attacker can configure a honeypot AP with any "passphrase". When a roaming wireless client connects to the WPA2-PSK honeypot, it initiates the 4-way handshake with the AP. Since the AP is not configured with the right passphrase (the attacker does not know it at this point), the client does not authenticate the honeypot AP and does not connect to it. But in the process the attacker is able to capture the initial two frames of the 4-way handshake, as shown in the figure above. These two frames alone are enough for the latest aircrack-ng tool to launch a dictionary attack and crack the passphrase.
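To make concrete why the two captured frames are enough, here is an added example (not from the original post, and not aircrack-ng code) of the WPA2-PSK key derivation and of the MIC check an authenticator performs on message 2. The MAC addresses, nonces and the simplified EAPOL-Key body are constructed values; the "password"/"IEEE" pair is the PMK test vector published in the IEEE 802.11i standard.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512 "Pairwise key expansion" -> 64-byte PTK (KCK | KEK | TK)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]  # 4 x 20 bytes covers the 64 bytes we need
    return b"".join(blocks)[:64]

def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP key descriptor: MIC = HMAC-SHA1(KCK, EAPOL frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

def supplicant_sign_m2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, m2_frame):
    """Client side: after receiving the ANonce in M1, derive the PTK and put a MIC on M2."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return eapol_mic(ptk[:16], m2_frame)  # KCK is the first 128 bits of the PTK

def authenticator_check_m2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, m2_frame, mic):
    """AP side: M2 is accepted only if the MIC matches. Every input except the passphrase
    is visible on the air in M1 (AP MAC, ANonce) and M2 (STA MAC, SNonce, body, MIC), so
    a honeypot that captures M1+M2 already holds everything this check needs; M3/M4 add nothing."""
    expected = supplicant_sign_m2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, m2_frame)
    return hmac.compare_digest(expected, mic)

# Constructed scenario (not captured traffic): a client whose saved profile holds the
# weak passphrase "password" for SSID "IEEE" answers a honeypot AP's M1.
SSID, REAL_PASSPHRASE = "IEEE", "password"
AP_MAC = bytes.fromhex("020000000001")   # constructed locally administered MACs
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))                # constructed nonces; real ones are random
SNONCE = bytes(range(32, 64))
# Simplified stand-in for the EAPOL-Key M2 bytes with the 16-byte MIC field zeroed.
M2_FRAME = b"\x02\x03\x00\x5f\x02\x01\x0a" + SNONCE + b"\x00" * 16

def demo():
    mic = supplicant_sign_m2(REAL_PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, M2_FRAME)
    ok = authenticator_check_m2(REAL_PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, M2_FRAME, mic)
    bad = authenticator_check_m2("Passw0rd", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, M2_FRAME, mic)
    return ok, bad  # (True, False): only the right passphrase reproduces the MIC

if __name__ == "__main__":
    print("PMK:", pmk_from_passphrase(REAL_PASSPHRASE, SSID).hex())
    print("verify(right), verify(wrong) =", demo())
```

The 4096-iteration PBKDF2 step is the only cost an offline guess pays, so the length and randomness of the passphrase, not the handshake itself, is what stands between a captured M1/M2 pair and the PSK.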

In fact, there is an online PSK cracking service available. I have written about wpacracker in the past. The trace file captured earlier can be uploaded to the wpacracker site and the PSK can be cracked.

A few wireless clients that connect to WPA2-802.1X secured WiFi networks can also be victimized by setting up a honeypot AP. The attack is known as the PEAP attack. Only those wireless clients that do not verify the certificate sent by the AP are vulnerable to it.

So the conclusion is that security-enabled honeypots are also possible. If you connect to a WPA-PSK or WPA2-PSK based WiFi network, make sure the passphrase is a random mix of alphanumeric characters and is longer than eight characters. If you are using PEAP, make sure that wireless clients verify the certificate sent by the AP.
