Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

Enlarge / A packet capture showing Cupid attacking a wireless network.



It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.

Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy “evil networks” that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers.

The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in “heartbeat” functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.

Heartbleed is best known for giving end users the ability to pluck data out of vulnerable servers. But it turns out that the bug can be used to the same effect against virtually any device running an unpatched version of OpenSSL. Cupid streamlines the process of exploiting devices connecting over wireless networks that are secured using the extended authentication protocol (EAP), which many large organizations use to password-protect access.”This is basically the same attack as Heartbleed, based on a malicious heartbeat packet,” Luis Grangeia, a partner and security services manager at SysValue and the creator of Cupid, wrote in a blog post published Friday. “Like the original attack, which happens on regular TLS connections over TCP, both clients and servers can be exploited and memory can be read off processes on both ends of the connection. The difference in this scenario is that the TLS connection is being made over EAP, which is an authentication framework/mechanism used in Wireless networks. It’s also used in other situations, including wired networks that use 802.1x Network Authentication and peer to peer connections.”

Grangeia said a client attacking a router doesn’t need to have a valid password, although a valid username is sometimes required. That requirement isn’t much of a hurdle, however, since usernames are transmitted unencrypted, making them easy for an attacker to sniff over the air. Malicious networks running Cupid need no user credentials to attack vulnerable clients. Among the clients that remain vulnerable are handsets running versions 4.1.0 and 4.1.1 of Google’s Android mobile operating system.

The researcher said he hasn’t tested vulnerable routers to see exactly what kind of memory contents they will divulge in a Heartbleed attack. “Most of the memory is zeroed out, but cursory inspection found interesting stuff on both vulnerable clients and servers,” he wrote. “I can speculate that most likely the private key of the certificate used on the TLS connection is in memory. What can also be in memory is the user credentials used for authenticating the connection.”

Most home networks are probably safe from Cupid since home and small office routers typically use Wi-Fi Protected Access without EAP for authentication. Wireless devices in corporations and other large organizations may be more susceptible, since EAP-capable routers often don’t receive updates in a timely fashion. Any smartphone or other type of client is vulnerable if it’s running wireless software that relies on an old version of OpenSSL.

via ArsTechnica