Tag Archives: Man-in-the-Middle

WPA2 KRACK Vulnerability: What you need to know

Last Sunday, the early signs of a vulnerability disclosure affecting the extensively used Wi-Fi Protected Access (WPA2) protocol were evident. The next day, disclosure of the vulnerability led to more details. The vulnerability was discovered by two researchers, Mathy Vanhoef and Frank Piessens of the Katholieke Universiteit Leuven (KU Leuven), while examining OpenBSD’s implementation of the WPA2 four-way handshake.

Why should this vulnerability be considered important?
On Monday 16th October, the KRACK (key re-installation attacks) vulnerability was disclosed. This vulnerability was found within the implementation of the WPA2 protocol rather than any single device, making its impact much more widespread. For example, vulnerable devices include Windows, OpenBSD (if not already patched against it), Linux, Apple iOS, Apple macOS and Google Android.

If exploited, this vulnerability could allow decryption, packet replay and TCP connection hijacking. If WPA-TKIP (defined) or GCMP (explained) are used, the attacker can also inject packets (defined) into a victim’s data, forging web traffic.

How can an attacker exploit this vulnerability?
To exploit the vulnerability an attacker must be within range of a vulnerable Wi-Fi network in order to perform a man in the middle attack (MiTM)(defined). This means that this vulnerability cannot be exploited over the Internet.

This vulnerability occurs in the initial four-way handshake, which is used to generate a strong and unique key to encrypt the traffic between wireless devices. A handshake is used to authenticate two entities (in this example a wireless router and a wireless device wishing to connect to it) and to establish a new key used to communicate.

The attacker needs to manipulate the key exchange (described below) by replaying cryptographic handshake messages (which blocks the message reaching the client device), causing it to be re-sent during the third step of the four-way handshake. This is allowed since wireless communication is not 100% reliable, e.g. a data packet could be lost or dropped, and the router will re-send the third part of the handshake. This is allowed to occur multiple times if necessary. Each time the handshake is re-sent, the attacker can use it to gather how cryptographic nonces (defined here and here) are created (since replay counters and nonces are reset) and use this to undermine the entire encryption scheme.

How can I protect myself from this vulnerability?
As described in this CERT knowledge base article, updates from vendors will be released in the coming days and weeks. Apple (currently a beta update) and Microsoft already have updates available. OpenBSD also resolved this issue before the disclosure this week.

Microsoft, within the information they published for the vulnerability, discusses how, when a Windows device enters a low power state, the vulnerable functionality of the wireless connection is passed to the underlying Wi-Fi hardware. For this reason they recommend contacting the vendor of that Wi-Fi hardware to request updated drivers (defined).

Links to affected hardware vendors are available from this ICASI Multi-Vendor Vulnerability Disclosure statement. Intel’s security advisory with relevant driver updates is here. The wireless vendor Edimax also posted a statement with further updates to follow. A detailed but easy to use list of many vendors’ responses is here. Since I use an Asus router, the best response I could locate is here.

======
Update: 21st October 2017:
Cisco have published a security advisory relating to the KRACK vulnerability for its wireless products. At the time of writing no patches were available but the advisory does contain a workaround for some of the affected products.
======

The above updates are software fixes, but updates will also be made available for devices in the form of firmware updates, e.g. for wireless routers, smartphones and Internet of Things (IoT) (defined) devices. For any wireless devices you own, please check with the manufacturer/vendor for available updates; the above CERT article and vendor response list detail many of the common vendors.

Thank you.

BlueBorne : Bluetooth Vulnerability Explained

Researchers from the security firm Armis have discovered a set of eight security vulnerabilities within the Bluetooth (defined) communications technology and responsibly disclosed (defined) them to affected device manufacturers. These are not present in the protocol layer of Bluetooth but within the implementation layer of Bluetooth which “bypasses the various authentication mechanisms, and enabling a complete takeover of the target device” (source). An estimated 5.3 billion devices are thought to be vulnerable, ranging from computers, tablets, smartphones, TVs and watches to Internet of Things (IoT) (defined) medical devices. This set of vulnerabilities is known as “BlueBorne”.

What is BlueBorne and why is it important?
Exploitation of the BlueBorne vulnerabilities allows the complete compromise of the vulnerable device and does not require the vulnerable device be paired (defined) with the attacking device.

Once exploited, the vulnerabilities allow the attacker to conduct remote code execution (defined: the ability for an attacker to remotely carry out any action of their choice on your device) and man in the middle attacks (defined). To begin the attack, the attacker does not need the user of the vulnerable device to have taken any action.

These vulnerabilities are particularly severe since Bluetooth is less secured on a corporate network than, for example, the proxy server (defined) providing internet access, making spreading from device to device in a worm (defined) like fashion (theoretically) possible. The Bluetooth protocol often runs with high privilege on devices and is not usually considered a potential entry point into a network. Air gapped systems (defined) are also potentially vulnerable.

How can I protect myself from these issues?
Software updates for some devices are listed here (for Google, Linux and Microsoft devices). Recent Apple devices were found not to be vulnerable. A full list of affected devices and the software updates to protect them is available here and will be updated by Armis.

Users of Google Android devices can check if their device is vulnerable by downloading the BlueBorne Android app. Disabling Bluetooth if you are not using it and only leaving it enabled for the time you are using it are also good security practices. Once your devices are updated, you should be able to resume normal Bluetooth usage. Please note that not all devices will or can be updated due to end of support lifecycles, newer products and product limitations. It is estimated approximately 2 billion devices will not receive software updates to resolve these issues.

Thank you.

Mozilla Releases Firefox 43.0.2 and Firefox ESR 38.5.2

In late December 2015 Mozilla released security updates for Firefox bringing it to version 43.0.2 and Firefox ESR (Extended Support Release) 38.5.2.

At that time the release notes for these updates didn’t reference any further security issues resolved since the previous updates (described in a previous post of mine). The above mentioned Firefox version numbers were not present in late December. I was aware of these updates but since they didn’t contain further security related changes I didn’t create a post about them. In future I will need to re-check those pages again in the days following such updates in order to avoid such a delay in posting.

Since that time the security advisory pages for Firefox and Firefox ESR (linked to below) now include details of a moderate severity security issue (assigned 1 CVE number (defined)) resolved by these updates. The issue relates to the Network Security Services (NSS) component of Firefox still accepting TLS 1.2 ServerKeyExchange messages with MD5 digital signatures. As discussed here and here, the use of MD5 is discouraged and Mozilla has rectified this issue using these updates.
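The kind of policy check involved, as an added example that is not NSS code: it parses a named-curve ECDHE ServerKeyExchange handshake message in the TLS 1.2 layout, reads the hash and signature algorithm identifiers that precede the signature, and refuses MD5. The function names, the `WEAK_HASHES` policy and the sample messages are constructed for illustration; no signature is verified here.

```python
# TLS 1.2 HashAlgorithm and SignatureAlgorithm identifiers (RFC 5246).
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
WEAK_HASHES = {"none", "md5"}      # example policy, an assumption of this sketch

def ske_signature_algorithm(msg: bytes):
    """Return (hash, signature) names from an ECDHE ServerKeyExchange message."""
    if len(msg) < 4 or msg[0] != 12:              # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or len(body) < 4 or body[0] != 3:   # 3 = named_curve
        raise ValueError("truncated message or not named_curve parameters")
    off = 4 + body[3]                             # skip curve id and public point
    if len(body) < off + 4:
        raise ValueError("truncated before signature")
    hash_id, sig_id = body[off], body[off + 1]
    sig_len = int.from_bytes(body[off + 2:off + 4], "big")
    if len(body) != off + 4 + sig_len:
        raise ValueError("signature length mismatch")
    return (HASH_NAMES.get(hash_id, f"unknown({hash_id})"),
            SIG_NAMES.get(sig_id, f"unknown({sig_id})"))

def accept(msg: bytes) -> bool:
    """Accept only messages signed with a known hash that is not on the weak list."""
    hash_name, _ = ske_signature_algorithm(msg)
    return hash_name not in WEAK_HASHES and not hash_name.startswith("unknown")

def build_sample(hash_id: int, sig_id: int = 1) -> bytes:
    """Constructed test message: secp256r1 (23), dummy point and dummy signature."""
    point, sig = b"\x04" + bytes(64), bytes(8)
    body = (bytes([3]) + (23).to_bytes(2, "big") + bytes([len(point)]) + point
            + bytes([hash_id, sig_id]) + len(sig).to_bytes(2, "big") + sig)
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for hid in (1, 4):
        m = build_sample(hid)
        print(ske_signature_algorithm(m), "accepted" if accept(m) else "rejected")
```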

Full details of the security issues resolved by these updates are available in the following links:

Firefox 43.0.2
Firefox ESR 38.5.2

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve this security issue.

Note: The most recent version of Firefox 43 at the time of writing is 43.0.4. It has since been updated following the release of 43.0.2. Please ensure you are using the most up to date version available. 43.0.4 re-enables SHA-1 certificates for “man-in-the-middle” (defined) devices. More details are provided here.

In general, Mozilla Firefox updates install without issues, however as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Siemens Issues Security Updates for SIMATIC HMI Devices and Software

In late August a set of security updates was made available by Siemens for its SIMATIC HMI devices, SIMATIC WinCC Runtime Advanced software, SIMATIC WinCC v7 software and SIMATIC NET PC-Software V12 and V13.

The HMI (Human Machine Interface) devices allow a user to easily interface with industrial control and supervisory control and data acquisition (SCADA) systems via widescreen displays and multi-touch devices. The SIMATIC WinCC Runtime Advanced and Professional software provide this capability. The SIMATIC NET PC-Software is required for communication between a controller (SIMATIC S7 controller) and PC-based solutions (e.g., SIMATIC WinCC).

These updates address 3 remotely exploitable CVEs (defined) which include resource exhaustion (defined), a man-in-the-middle (MITM) attack (defined) and password-hashing (defined) implementation flaws.

The resource exhaustion vulnerability could be exploited by an attacker if they were located on the network connection between an HMI panel and a PLC (i.e. a man-in-the-middle (MITM) attack) and they could send network packets to the HMI over TCP port 102. Such specifically crafted packets would result in a denial of service (defined) issue for these devices.

The separate man in the middle category of attack mentioned above involves a similar means of attack but this time the attacker is located between the PLCs and their communication partners allowing the attacker to both intercept the packets between these devices and to modify them.

Finally the password hashing vulnerability involves the attacker using the password hashes obtained through another means to grant themselves the same usage rights as the rightful users of those passwords to access SIMATIC WinCC and SIMATIC PCS 7 software.

Why Should These Issues Be Considered Important?
Using these vulnerabilities, remote attackers could cause denial of service issues to the above mentioned Siemens devices and/or obtain the permissions of legitimate users of the SIMATIC WinCC and SIMATIC PCS 7 software used to monitor and control these devices. With the large industrial systems these devices control/operate, these flaws can have serious physical consequences (see the notable example mentioned below).

How Can I Protect Myself From These Issues?
Please follow the instructions within this ICS CERT security advisory (specifically the Mitigation section) to update any affected industrial Siemens products that you may be using.

One interesting aspect about these flaws is that the above mentioned Siemens HMI devices are in use by the well-known Large Hadron Collider located underground near Geneva, Switzerland and operated by the European Organization for Nuclear Research (CERN). This underlines the important functions that these devices control whether it be the Hadron Collider or your nearest power station.

Thank you.

Belkin N600 DB Wireless Dual Band N+ Router Contains Unpatched Security Issues

A particular model of consumer/home user broadband router/wireless access point from Belkin has been found to be vulnerable to a set of security issues that can have potentially serious consequences.

The Belkin N600 DB Wireless Dual Band N+ router model F9K1102 v2 with firmware version 2.10.17 and possibly earlier is affected.

There are 5 sets of issues (4 of which have been assigned CVEs, defined):

Use of Insufficiently Random Values – CVE-2015-5987: This issue would allow an attacker to spoof Belkin’s firmware update servers and to connect to any device (server, computer etc.) an attacker chooses.

Cleartext Transmission of Sensitive Information: This issue is somewhat related to the above issue since firmware update requests could be intercepted, thus allowing an attacker to substitute a firmware update with an update of their choice or prevent firmware updates from taking place. An attacker would first have to be able to conduct a man in the middle (MITM) attack (MITM, defined) for these malicious capabilities to become available to them.

Use of Client-Side Authentication – CVE-2015-5989: Due to the means of how the router checks if a legitimate user of the router is logged in, these values can be manually manipulated to allow an attacker to log into the administration interface (a webpage shown to the user to allow them to change the settings of the router) of the router with the same permissions as the legitimate user. The attacker would already need access to your local area network (LAN) (the network within your home) to carry out this method of attack. Carrying out this attack remotely would not be possible.

Cross-Site Request Forgery (CSRF) – CVE-2015-5990: If the owner/user of the router is logged into the administrative interface of the router and clicks on a link (within another browser tab) or accesses a website of the attacker’s choice the attacker will obtain the same permissions as the legitimate user. This is known as a Cross-Site Request Forgery (CSRF) attack (CSRF, defined here and here). If the issue mentioned below is also present (namely no password set by the user to access the admin interface) the attacker would not need for the user to be already logged in to use this attack against the legitimate user.

Credentials Management – CVE-2015-5988: If an attacker already has access to your home network they can access the admin interface of the router if the default configuration of the router has not been changed, namely if no password has been set.

Why Should These Issues Be Considered Important?
If an attacker can obtain full access to your router, they can change any setting they wish e.g. the DNS settings (as discussed in a previous post), disconnect you and other legitimate users from your own internet connection and have the possibility of installing rogue firmware onto your router.

While only one issue (Use of Insufficiently Random Values) can be exploited remotely, with the remaining issues requiring access to your network or a man in the middle (MITM) connection, these issues should still be considered serious since they have the potential to take control of your router away from you and deny access to your internet connection. The devices you have connected to the router may also visit websites that you didn’t intend (due to the DNS settings being changed as mentioned above).

How Can I Protect Myself From These Issues?
While Belkin has not released a firmware update to resolve these issues and may choose not to do so, I would recommend following the advice provided in this CERT advisory. Essentially, this means not allowing untrusted users to access your home network and having strong passwords for your Wireless LAN key and for the router’s admin interface.

If you are an owner of this router or know someone who is, I hope that the above advice is useful to you in preventing any malicious user from using these issues against you or someone you know.

Thank you.