Businesses using some of the more advanced methods for securing connections to Wi-Fi access points need to take a hard look at the configuration settings of client computers. So say researchers who have documented a simple way to impersonate trusted networks.
The attack works on access points that use the Wi-Fi Protected Access (WPA) in concert with Protected Extensible Authentication Protocol (PEAP) or other so-called Extensible Authentication Protocols (EAPs). Such technologies use public-key certificates to authenticate a trusted network to a laptop or other connected device and provide an encrypted SSL tunnel through which the two can communicate.
Problem is, laptops running Windows, OS X and various versions of Linux frequently have the security settings mis-configured, according to researchers Brad Antoniewicz and Josh Wright. Using a program called FreeRADIUS-WPE (short for FreeRADIUS Wireless Pwnage Edition), it's easy to dupe the clients into connecting to imposter networks and giving up critical information, they say.
The attack relies on a technology known as a wireless supplicant, which sits on the client and checks the validity of a network's credentials. All too frequently, the researchers say, it's not configured to validate a certificate at all, or at the very least, not to properly validate a server's RADIUS TLS certificate.
"In either of these scenarios, FreeRADIUS-WPE (our modified version of the open source RADIUS server) can be used to gain access to the inner authentication credentials passed in the TLS tunnel that is established between client and the authentication server,"[…]
WiFi, Wi-Fi, Network, Networking, Wireless, Wi-Fi Protected Access, WPA, EAPs, PEAP, Access Point, WAP, Security