Tuesday, October 17, 2017

SingCERT issues advisory on 'multiple vulnerabilities' affecting Wi-Fi networks

This comes after Belgian researchers publicly disclosed multiple vulnerabilities in the Wi-Fi Protected Access (WPA2) protocol.

Read more at http://www.channelnewsasia.com/news/technology/singcert-issues-advisory-on-multiple-vulnerabilities-affecting-9318264


Ricky Lim

Checking our smartphone Wi-Fi and the internet gateway Wi-Fi/fibre connection, I notice that the encryption algorithm used is Wi-Fi WPA/WPA2.

Wonder whether Singtel, M1 and Starhub will be rolling out security patches automatically to patch up WPA/WPA2 for mobile and internet users?
Ricky Lim

Looks like enterprise Wi-Fi that encrypts with VPN and TLS is safe, because this is an additional encryption tunnel inside the WPA2 tunnel.

Looks like those that use WPA2 encryption alone are not sufficient, because if the encryption for WPA2 is broken, data is in the clear, even though enterprise WPA2 uses RADIUS for authentication as well as private and public keys; that is not good enough against a rogue man-in-the-middle attack.

It is more vulnerable for home users that use the pre-shared key for WPA2 on mobile and home internet.
Ricky Lim

As the vulnerability is due to the 4-way handshake between the mobile devices (e.g. smartphone, notebook) and the wireless gateway/access point/router, security patch updates will be required for all Wi-Fi (WPA-protected) devices.

(1) Telcos (Singtel, M1, Starhub, etc.) must roll out security patches to patch consumers' wireless gateway/access point/router.

(2) Google, Apple and Microsoft should roll out security patches to patch the smartphone Android, iOS and Microsoft Windows OS.

(3) Enterprises should roll out all security patches via their WLAN controller to all their access points.
All client OSes should be patched by the OS vendor through their patch servers.

I believe most enterprises will be using 802.1X EAP-PEAP with WPA2 and RADIUS or TACACS to secure the Wi-Fi network, which means they will be vulnerable.
Hardly see people implementing 802.1X EAP-TLS with WPA2 and RADIUS or TACACS, as it involves a CA and the overhead of rolling out and maintaining digital certs.
Ricky Lim

The vulnerability is quite serious.
Each time a wireless device associates with the access point, it is forced to an all-zero encryption key instead of the real key for the WPA2 encryption algorithm.

The access via the access point becomes clear text and hackers can steal information such as passwords, credit card info, etc.
Gw Chua
Still want to use your phone to pay for your food in the hawker centre??
Ricky Lim

Wrong.

This Wi-Fi has nothing to do with the QR code, which uses the 3G or 4G connectivity.
So basically, the hacker cannot intercept and decrypt any info via the phone payment for food in the hawker centre.
Ricky Lim

Moreover, if Wi-Fi is used and the hacker manages to intercept the username and password and even the user QR code, security measures are still intact to protect the money transfer.

(1) To use the mWallet QR code transaction, the hacker will need to register with the bank that provides the mWallet service. By doing so, the hacker will have exposed his identity and can be nabbed.

(2) Also, the QR code is unique to each user and retailer. Even if the hacker clones the hacked QR code, there will be duplication, and since the user or retailer has already registered with their unique QR code, a hacker attempting to clone a similar user QR code will be nabbed.

(3) Also, registering for the use of mWallet will need 2FA, and even if the hacker managed to steal the username and password, without the 2FA the registration will still fail.

So there are sufficient security safeguards in the mWallet QR code for bank transfer and payment, even if you use Wi-Fi (preferably not; why let hackers capture your username and password?).

Richard Siow
Regardless of whether such vulnerabilities are patched already or not, everyone should ensure at all times that:

1) your connection is secure, i.e. HTTPS before logging in, and fill in personal details only if mandatory,
2) never use your real name, email or personal details on non-secured websites,
3) do not use similar usernames and passwords for secure and non-secure websites,
4) do not use similar usernames and passwords for financial vs non-financial websites,
5) do not use similar usernames and passwords at work and at home.

With all these practices in mind, it is impossible for criminals or script kiddies to steal any of your personal information unless the institution that stores your information securely is compromised.
Ricky Lim

For your (1), using an HTTPS secure connection is not that secure.

sslstrip has been used to strip HTTPS (SSL connections) and change the URL web connectivity to HTTP (clear text).

The hacker intercepts the 4-way handshake using the all-zero encryption key on the WPA2 crypto, forcing it to reset from the real key to this all-zero encryption key and making the connectivity in the clear.

When WPA2 is hijacked, sslstrip is used (like Bluecoat, stripping off the SSL to inspect the web content and re-encrypting it), and the HTTPS secured connection becomes a non-secured HTTP web connection.

The only way to ensure a secured connection is by using VPN or EAP-TLS.

VPN uses IPsec encryption and tunnels through the WPA2, so even if WPA2 is decrypted and compromised, VPN will still encrypt it with IPsec encryption.

Similarly, for using TLS crypto in addition to WPA2, TLS sets up a secured tunnel between server and client with public and private keys using a public cert and a private cert. TLS will be more secure if 2FA is used on the client end. But this method is seldom used, due to the overhead needed to administer the public cert, the private cert and the 2FA.

So to conclude, unless vendors quickly roll out the security patches to patch up the vulnerability in WPA2, which is a vulnerability in the WPA standard, all Wi-Fi connections are unsafe.

In fact all your recommendations above can be compromised by rogue Wi-Fi AP interception (man-in-the-middle attack): use sslstrip to strip the HTTPS encryption and then use the Wireshark network analyser to see the Wi-Fi content in the clear.

Richard Siow
Ricky Lim, sslstrip is only effective for websites that have a poor implementation of SSL; for HTTPS websites that involve $$, it will not pass the stringent PCI SSC requirements set by Visa and Mastercard. Hackers that go after poorly implemented HTTPS websites are typically script kiddies.

Knowledgeable users can easily detect if a connection remains secure and if it has been compromised by sslstrip by always checking the secure padlock next to each HTTPS URL and the CA issuer. If it has been stripped to HTTP, there won't be a secure padlock anymore and it therefore falls under the category of non-secure, which brings us back to (1): don't log in if it isn't secure.

The current WPA2 weakness is more critical in organisations that have no secure implementation (HSTS) of HTTPS on internal and external websites; those will be the primary target of those looking to exploit this WPA2 vulnerability.
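The HSTS point above is the one a site operator can act on: a Strict-Transport-Security header makes a browser that has already seen it refuse the plain-HTTP downgrade that sslstrip relies on, so the header only helps on repeat visits unless the site is in the browser preload list. The following is an added example, not code from the thread: it parses a raw HTTP response and grades its HSTS policy the way a defender reviewing a web server would. The three responses are constructed samples, not captures from any real site.

```python
"""Grade the HSTS (RFC 6797) policy carried by an HTTP response.

Added example; the responses below are constructed samples.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # seconds; the usual minimum max-age recommended for HSTS

# Constructed sample responses (not real captures).
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
NO_HSTS_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


@dataclass
class HstsVerdict:
    present: bool
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        """True only when the header exists and no weakness was found."""
        return self.present and not self.problems


def parse_headers(raw: str) -> Dict[str, str]:
    """Turn a raw HTTP/1.1 response (status line + headers) into a dict
    keyed by lowercased header name; stops at the blank line before the body."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def evaluate_hsts(raw_response: str) -> HstsVerdict:
    """Parse the Strict-Transport-Security directives and list weaknesses."""
    hsts = parse_headers(raw_response).get("strict-transport-security")
    if hsts is None:
        return HstsVerdict(False, None, False, False,
                           ["no Strict-Transport-Security header"])
    max_age: Optional[int] = None
    include_sub = preload = False
    problems: List[str] = []
    for directive in (d.strip() for d in hsts.split(";") if d.strip()):
        key, _, val = directive.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', val.strip())
            if m:
                max_age = int(m.group(1))
            else:
                problems.append(f"malformed max-age: {val!r}")
        elif key == "includesubdomains":
            include_sub = True
        elif key == "preload":
            preload = True
    if max_age is None:
        problems.append("max-age directive missing")
    elif max_age == 0:
        problems.append("max-age=0 disables HSTS")
    elif max_age < ONE_YEAR:
        problems.append(f"max-age {max_age} is shorter than one year")
    if not include_sub:
        problems.append("includeSubDomains not set: subdomains stay downgradable")
    return HstsVerdict(True, max_age, include_sub, preload, problems)


if __name__ == "__main__":
    for label, raw in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE),
                       ("none", NO_HSTS_RESPONSE)):
        v = evaluate_hsts(raw)
        print(f"{label}: ok={v.ok} max_age={v.max_age} problems={v.problems}")
```

A short max-age is the common mistake: a policy that expires in minutes leaves every return visit after that window back at the first-visit exposure, so the check flags anything under a year.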

Ricky Lim

Richard Siow, yes, sslstrip is effective against poorly implemented SSL.
But how about the Bluecoat type of SSL decryption and content visibility of SSL traffic?

"SSL Visibility Appliance: The centerpiece of Encrypted Traffic Management, this gives you ‘x-ray’ vision into all your SSL traffic and lets you easily add SSL decryption and inspection capabilities to your advanced threat protection solutions as well as your existing network security architecture."

Bluecoat is known to be able to strip and decrypt SSL traffic, even that of very secure websites using SSL.

Ricky Lim

So far, I understand that the only very secure encryption is VPN IPsec encryption.
As far as I understand, web encryption is not known to be the safest.

VPN is safe because:
(1) An additional layer 3 IP header is padded onto the IP packet and the original IP header is not exposed.
(2) The entire original IP packet + payload is encrypted if using tunnel mode, or the payload is encrypted if using transport mode, under AH (Authentication Header) and ESP (Encapsulated Security Payload).
(3) Encryption is done by AES (Advanced Encryption System) using RSA IES, very strong crypto with a strong key.
(4) The RAS (Remote Access Server) is usually the telco service provider, which serves as the VPN server (RAS server), and the end user will use the VPN client (RAS client).
(5) A peer-to-peer encrypted secure tunnel is made between the VPN server and VPN client.
(6) If 2FA is used, hackers are virtually unable to hack.

So far, there is no known successful attack on a VPN secured connection.

Web SSL, not so sure (because the vulnerability is on the web and web server).

Web SSL tunnelled into VPN IPsec will be the safest.
Ricky Lim

In fact, Bluecoat, being the most renowned and the first SSL decryptor, is not the only appliance that has SSL decryption capability.

Now we have the Palo Alto firewall SSL decryptor and the F5 SSL decryptor.

They can come as a Virtual Appliance or VM (Virtual Machine) and can be installed on a notebook.

A hacker can do KRACK to break the Wi-Fi and decrypt WPA2 and introduce an all-zero encryption key.
Then web SSL traffic can be redirected to any of the above SSL decryptors in a VM to decrypt the SSL traffic.
When the web traffic is in clear text, use the Wireshark wireless network analyser to steal the user ID and password.
Ricky Lim
Some security experts came out in the news and said to use HTTPS or web SSL on Wi-Fi.
I personally think it is not very safe.
Richard Siow
Bluecoat or other similar forensic tools need to replace the website CA before they can start decrypting HTTPS traffic. Modern browsers will typically flag such connections. Regardless of whether the browser flags a warning, users will still be able to identify their connected website's CA issuer easily and not proceed with login.

To achieve economies of scale, intercepting SSL traffic will only be effective when placed on the server side; that rules out the general public unless the stealing party is the IT team within the organisation.

Smart hackers won't be wasting too much time stealing from individual households using such a WPA2 vulnerability, since it won't return them enough $ for the time they spend hoping to sniff user passwords. They generally bypass breaking the WPA2 vulnerability and spend the time drinking coffee while surfing on a store's free Wi-Fi to perform MITM attacks of a larger scale.
Ricky Lim
To summarise, web SSL can be used by the public (generally safe but not foolproof).
(1) Many users are not IT savvy and are unable to recognise the significance of the CA and digital cert, so as not to be fooled into logging in to a cloned cert.
(2) The little "lock icon" beside the HTTPS reveals a lot of information about the digital certs, CA, cert path, encryption algorithm used, type of encryption key, authentication method, cookies, etc.
By clicking the "lock icon" of a bank website, it reveals that the CA is Symantec, the cert validity date, cert path, type of cookies, AES encryption algorithm, SHA authentication, 256-bit keys, etc., and I believe hackers can clone this.

Well, maybe I am too paranoid ......
Ricky Lim

The only safe way to do internet transactions is to use the data plan for 3G or 4G for the time being and not Wi-Fi, until WPA/WPA2 is patched by the vendors in the routers/wireless gateways/APs and in the mobile devices or end devices like the smartphone (Android, iOS, Windows, Linux, etc.).
Gw Chua
There was a time WPA was more secure than WEP, then one day WPA2 was the best. Now... And you never know. Once they manage to get into the middle between the phone and the bank, even 2FA is not bulletproof. By the way, how many people know or realise whether they are using Wi-Fi or the data line to do a transaction, as Wireless@SG is available in some hawker centres and shopping malls? I'm sure many Android phones will not receive the patch for this issue. The best way is to tell everyone in Singapore to use the data line instead of Wi-Fi.

Ricky Lim

(1) The WEP key is a very weak static key and can be easily compromised. The WEP key is made up of an IV (Initialisation Vector key, the key to prevent reuse) + a 40-bit key using RC4 (a weak algorithm).
Once the WEP key is set up, it will not change. A hacker can easily do a man-in-the-middle attack to capture the IV and WEP key and break the weak RC4 crypto.

(2) TKIP and WPA were used temporarily to plug the weakness in WEP, by using MD5 hashing to do a MIC (Message Integrity Check) to ensure the WEP IV and WEP key are not compromised, but still using the weak RC4 crypto.
As MD5 and RC4 are weak authentication and crypto, they can also be compromised easily.

(3) WPA2 uses the stronger AES (Advanced Encryption System) crypto, and so far this has not been compromised for a long time.
WPA2 is compromised due to the 4-way handshake through KRACK (Key Reinstallation Attack) of the key that is used as a nonce, to trick the mobile or device client into reinstalling the already-used key with a nonce key and bypassing the encryption, the solid AES that still has not been broken (something like a factory reset).
It is not the AES encryption that has been compromised, but the initial handshake before encryption.

(4) You mention that 2FA can be compromised if the hacker comes between the phone and the bank, and that 2FA is not bulletproof.

(a) If you are using a secure hard token as 2FA, even if the hacker comes between the phone and the bank, it is useless. Because even if the hacker captures the user ID and password, there is no way the hacker can capture the token number generated by the hardware secure token, because it is synced via the token with the AS (Authentication Server) through time sync and not sent over the phone connection.
Only when the OTP (One Time Password) is supplied and properly authenticated can the hacker steal the OTP, but it will already be too late, as this OTP is used only once and not reused.
If the SMS OTP is captured by the hacker, the hacker must be faster than the user in keying in the OTP, else this OTP is used once and will be of no use later.

(b) If you use Wireless@SG, you have to log in first before you use it. Most hawker centres are in residential estates and hardly have a signal, except in town areas.

Thus using the data plan is most likely for mWallet QR payment.

As long as Google Android rolls down the security patches for WPA2 and the telcos roll down the patches to the wireless gateways, everywhere we go with Wi-Fi the vulnerability is eliminated. You only have to do it once.

As a smart nation, one must not be deterred by a security threat once in a while, as long as rescue is along the way.
This is the same as the terrorist threat.
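Point (3) above, that KRACK defeats the handshake rather than AES, comes down to a counter-mode nonce being reused once a key that is already in use gets installed a second time. The following is an added example, not code from the thread or from any Wi-Fi implementation: it models a station that either reinstalls a key it already holds (resetting its packet number to zero) or refuses to, which is the behaviour the vendor patches introduce, and shows that only in the first case do two ciphertexts cancel to the XOR of the two plaintexts while the cipher itself is untouched. HMAC-SHA256 in counter mode stands in for AES so it runs on the standard library alone; the key and frame contents are constructed.

```python
"""Toy model of key reinstallation and counter-mode nonce reuse.

CCMP encrypts each WPA2 frame with AES in counter mode under a nonce that
contains a per-key packet number, which must never repeat for one key. If a
key already in use is installed again, the packet number restarts at zero and
two frames share a (key, nonce) pair. Added example: HMAC-SHA256 replaces AES
as the counter-mode PRF; the key and frames are constructed samples.
"""
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || block_index) per block."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def nonce_for(packet_number: int) -> bytes:
    return struct.pack(">Q", packet_number)


class Station:
    """Transmitting side. reject_reinstall=True models the fix: a handshake
    message carrying the key already installed is ignored, so the packet
    number keeps counting instead of restarting from zero."""

    def __init__(self, reject_reinstall: bool) -> None:
        self.key: Optional[bytes] = None
        self.tx_pn = 0
        self.reject_reinstall = reject_reinstall

    def install_key(self, key: bytes) -> bool:
        if self.reject_reinstall and key == self.key:
            return False  # already in use: keep the counter where it is
        self.key = key
        self.tx_pn = 0  # a genuinely fresh key may legitimately start at zero
        return True

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.key is not None, "no key installed"
        self.tx_pn += 1
        ks = keystream(self.key, nonce_for(self.tx_pn), len(plaintext))
        return self.tx_pn, xor(plaintext, ks)


class Receiver:
    """Receiving side: a packet number that does not increase is a replay or
    a counter reset, and the frame is dropped rather than decrypted."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_pn = 0

    def receive(self, pn: int, ciphertext: bytes) -> Optional[bytes]:
        if pn <= self.last_pn:
            return None
        self.last_pn = pn
        return xor(ciphertext, keystream(self.key, nonce_for(pn), len(ciphertext)))


def run_scenario(reject_reinstall: bool) -> Dict[str, bool]:
    """Send a frame, deliver the same key again (as a retransmitted handshake
    message would), send a second frame, and report what that produced."""
    key = b"constructed-ptk-0123456789abcdef"  # constructed 32-byte sample key
    p1 = b"GET /login HTTP/1.1"                # constructed frame contents
    p2 = b"user=alice&pw=s3cret"
    sta = Station(reject_reinstall)
    rx = Receiver(key)
    sta.install_key(key)
    pn1, c1 = sta.send(p1)
    assert rx.receive(pn1, c1) == p1
    reinstalled = sta.install_key(key)
    pn2, c2 = sta.send(p2)
    n = min(len(c1), len(c2))
    return {
        "reinstalled": reinstalled,
        "nonce_reused": pn1 == pn2,
        # the keystream cancels iff the nonce repeated: c1 ^ c2 == p1 ^ p2
        "xor_leaks_plaintext": xor(c1, c2)[:n] == xor(p1, p2)[:n],
        "second_frame_accepted": rx.receive(pn2, c2) is not None,
    }


if __name__ == "__main__":
    print("reinstall allowed:", run_scenario(reject_reinstall=False))
    print("reinstall refused:", run_scenario(reject_reinstall=True))
```

Two defensive checks are visible here: the station refusing to install a key it already holds (the patch), and the receiver dropping any frame whose packet number has not advanced, which is why a reset counter shows up as dropped traffic rather than silently decrypted traffic on a patched peer.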

Ricky Lim

Also, for the time being before the security patches arrive:
(1) Just go to Settings on the mobile phone.
(2) If you notice that Wi-Fi is switched on with a Wi-Fi signal, just switch it off and ensure no Wi-Fi signal is activated.
(3) Go to mobile data and switch it on.

But note, this means that you will need to pay extra if you exceed the data limit of your mobile plan.

The best is to turn Wi-Fi on for casual surfing.

Once you need to do internet banking or an eCommerce transaction or mWallet QR payment, deactivate Wi-Fi and turn on mobile data.
This will ensure your transaction is not compromised.
Else someone with hacking tools will just sit in the hawker centre and start to "steal" user IDs and passwords.
Ricky Lim

And I forgot to mention that SMS OTP for 2FA uses 2 separate networks.
Say an internet transaction uses Wi-Fi to key in the user ID and password. Even though the hacker steals the user ID and password via Wi-Fi, they can't steal the SMS OTP, which is coming from the 3G or 4G telco network (a separate network from the Wi-Fi).

Also, even if the 3G or 4G network is used to do the internet transaction, it is using the data plan network whereas the SMS OTP is coming through the separate voice plan (network): 2 separate networks.
Unless the hacker uses a keylogger to steal the SMS OTP when it lands on the user's client device, but it will be too late by the time it is piped back to the hacker's server, as the user will have already keyed it in to gain access and rendered the SMS OTP useless for subsequent use.

So I don't understand how hackers can compromise 2FA?

So far there don't seem to be reports to date that hackers have compromised 2FA that is widely used by banks.
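The hardware-token argument in (4)(a) of the earlier comment, and the point here that a captured OTP is useless once the user has keyed it in, both rest on two properties: the code is derived from a shared secret and the clock on each end rather than sent to the token, and the server accepts each code at most once within a short window. The following is an added example, not code from the thread or from any bank or token vendor: a TOTP generator (RFC 6238, HMAC-SHA1) with the server-side verifier that enforces single use, exercised against a replay. The secret is the published RFC 4226/6238 test secret, not a real credential.

```python
"""TOTP as a shared-secret computation (RFC 6238) plus one-time acceptance.

Added example. Token and authentication server hold the same secret and
clock, so the code is computed locally on both ends; the verifier accepts a
code only inside a narrow time window and never accepts the same step twice.
The secret is the RFC 4226/6238 published test secret.
"""
import hashlib
import hmac
import struct
from typing import Dict, Optional

RFC_TEST_SECRET = b"12345678901234567890"  # published test-vector secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


class OtpVerifier:
    """Authentication-server side. Accepts the current step or one step either
    side (clock drift) and records the highest step consumed, so a code the
    user has already submitted is rejected if anyone presents it again."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6) -> None:
        self.secret = secret
        self.step = step
        self.digits = digits
        self.last_accepted_step: Optional[int] = None

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // self.step
        for candidate in (current - 1, current, current + 1):
            if self.last_accepted_step is not None and candidate <= self.last_accepted_step:
                continue  # already consumed, or older than one already consumed
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_accepted_step = candidate
                return True
        return False


def replay_scenario(secret: bytes = RFC_TEST_SECRET) -> Dict[str, object]:
    """The user logs in at t=59 with the code from their token; someone who
    captured that code tries it 5 seconds later and again a minute later."""
    server = OtpVerifier(secret)
    t = 59  # constructed login time (seconds since epoch, RFC test vector row)
    code = totp(secret, t)
    return {
        "code": code,
        "user_login": server.verify(code, t),
        "replay_same_window": server.verify(code, t + 5),
        "replay_next_minute": server.verify(code, t + 60),
    }


if __name__ == "__main__":
    print(replay_scenario())
```

The replay inside the same 30-second window is the case that matters: the code is still time-valid there, and it is only the recorded `last_accepted_step` that turns it away, which is the server-side discipline the comment's "used only once" claim depends on.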
