A researcher has uncovered new ways to exploit the Heartbleed OpenSSL vulnerability, potentially exposing enterprise wireless networks, and the devices that connect to them, to a new wave of Heartbleed attacks.
Originally exposed in April, Heartbleed is a critical vulnerability in the OpenSSL encryption library that could expose up to 64 KB of memory on a vulnerable client or server if exploited, including keys used for X.509 certificates, authentication credentials and other communication protected by the open source encryption project.
The Heartbleed flaw was the result of a missing bounds check in the handling of the TLS heartbeat extension, and was thought to be exploitable only over TCP connections and only after the TLS handshake had completed. However, Luis Grangeia, a researcher with Portugal-based infosec consulting firm Sysvalue, found new ways to exploit the OpenSSL vulnerability.
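The missing bounds check mentioned above is also what a network monitor can look for: a heartbeat message whose declared payload length does not fit inside the record that carries it. The following is an added example written for this page, not code from the article or from the Cupid patches; the sample records are constructed, and in the EAP case the TLS record would first have to be extracted from the EAP-TLS frame before being passed to this check.

```python
import struct

TLS_HEARTBEAT = 24          # TLS record content type for the heartbeat extension
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16            # minimum padding the heartbeat RFC requires

def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, body)."""
    if len(data) < 5:
        raise ValueError("record header truncated")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body truncated")
    return ctype, version, body

def check_heartbeat(record: bytes) -> str:
    """Classify one TLS record: 'ignore' (not a heartbeat), 'ok', or a
    'malformed: ...' reason. The bounds rule is the one the Heartbleed fix
    added: type (1) + length (2) + declared payload + 16 bytes of padding
    must fit inside the record body."""
    ctype, _version, body = parse_tls_record(record)
    if ctype != TLS_HEARTBEAT:
        return "ignore"
    if len(body) < 3:
        return "malformed: heartbeat header truncated"
    hb_type, declared = body[0], struct.unpack("!H", body[1:3])[0]
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return f"malformed: unknown heartbeat type {hb_type}"
    available = max(len(body) - 3 - MIN_PADDING, 0)
    if declared > available:
        return f"malformed: declared payload {declared} exceeds available {available}"
    return "ok"

def flag_records(records) -> list:
    """Indices of records a monitor should alert on."""
    return [i for i, r in enumerate(records) if check_heartbeat(r).startswith("malformed")]

# Constructed sample records (not captures from the article):
# TLS 1.2 heartbeat request, declared length 4, payload "ping", 16 bytes of padding.
WELL_FORMED = b"\x18\x03\x03\x00\x17" + b"\x01\x00\x04" + b"ping" + b"\x00" * 16
# Same record, but the declared length claims 16384 bytes while only 4 are present.
MALFORMED = b"\x18\x03\x03\x00\x17" + b"\x01\x40\x00" + b"ping" + b"\x00" * 16
# A handshake record (content type 22), which the check ignores.
NOT_HEARTBEAT = b"\x16\x03\x03\x00\x01\x01"

if __name__ == "__main__":
    for name, rec in [("well-formed", WELL_FORMED), ("malformed", MALFORMED), ("handshake", NOT_HEARTBEAT)]:
        print(f"{name}: {check_heartbeat(rec)}")
```

Patched OpenSSL silently drops a record that fails this rule, so on a patched network the only evidence of an attempt is what a monitor like this records.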
In a May 30 blog post, Grangeia provided details on the new proof-of-concept, dubbed Cupid, which exposes TLS connections carried over the Extensible Authentication Protocol (EAP), a framework that allows authentication mechanisms such as smart cards and one-time passwords to be deployed over wireless networks. Grangeia explained that the EAP mechanisms potentially affected by Cupid are those that use TLS, namely EAP-PEAP, EAP-TLS and EAP-TTLS.
As for how an attack would work, Grangeia explained that Cupid, available on GitHub as two software patches that modify components of the Linux operating system, can be used to exploit either clients or servers over TLS in much the same way as the original Heartbleed flaw. Cupid does not rely on an attacker obtaining authentication credentials, according to Grangeia, because the vulnerability is triggered before a password is required.
Grangeia also emphasized that a fully established TLS connection is unnecessary for Cupid, and that no key or certificates need to be exchanged.
"To exploit vulnerable clients, hostapd [with the Cupid patch] can be used to set up an 'evil' network such that, when the vulnerable client tries to connect and requests a TLS connection, hostapd will send malicious heartbeat requests, triggering the vulnerability," Grangeia wrote in his blog post. "To exploit vulnerable servers, we can use wpa_supplicant with the Cupid patch. We request a connection to a vulnerable network and then send a heartbeat request right after the TLS connection is made."
Not enough testing has been done on Cupid to know exactly what details could be exposed in the memory of vulnerable systems, Grangeia noted, but he speculated that the private key used for the TLS connection and the credentials used to authenticate the connection are likely to be compromised in such an attack.
Grangeia did confirm that the default installations of wpa_supplicant, hostapd and freeradius are all exploitable via Cupid on systems running Ubuntu with a vulnerable version of OpenSSL. Android users running versions 4.1.0 and 4.1.1 with a vulnerable OpenSSL implementation may also be susceptible to Cupid, said Grangeia, because all versions of Android use wpa_supplicant to connect to wireless networks.
Home routers are safe because they do not utilize EAP mechanisms, Grangeia said, but enterprise wireless networks are likely to be vulnerable.
"If you have a corporate wireless solution in your company you should look at this problem, since most of the managed wireless solutions use EAP-based authentication mechanisms -- and some companies use OpenSSL. You should look at having your equipment tested or contacting your vendor [to] ask for more information," Grangeia said. "You should also look at this issue if you have any type of EAP authentication mechanism on your corporate network. Note that 802.1x network access controlled wired networks might also suffer from this problem."
Kevin Bocek, vice president of security strategy and threat intelligence at Salt Lake City, Utah-based data security vendor Venafi Inc., confirmed that with Cupid there is the potential of cybercriminals pulling private keys and digital certificates through routers without the need for a valid password.
"This may have been the first variant of the Heartbleed bug, but it will not be the last," Bocek said. "Hackers know the value that keys and certificates add to their toolkit and will continue to exploit them until businesses have them fully inventoried and know where they all are at any given time."