{"id":5681,"date":"2014-06-03T12:57:41","date_gmt":"2014-06-03T16:57:41","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5681"},"modified":"2014-06-03T12:57:41","modified_gmt":"2014-06-03T16:57:41","slug":"meet-cupid-the-heartbleed-attack-that-spawns-evil-wi-fi-networks","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/03\/meet-cupid-the-heartbleed-attack-that-spawns-evil-wi-fi-networks\/","title":{"rendered":"Meet \u201cCupid,\u201d the Heartbleed attack that spawns \u201cevil\u201d Wi-Fi networks"},"content":{"rendered":"<div class=\"article-content clearfix\">\n<figure class=\"intro-image image center full-width\" style=\"width:640px;\"><a class=\"enlarge\" href=\"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=579%2C327\" alt=\"\" width=\"579\" height=\"327\" \/><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">A packet capture showing Cupid attacking a wireless network.<\/div>\n<div class=\"caption-credit\"><a href=\"http:\/\/www.sysvalue.com\/wp-content\/uploads\/2014\/05\/heartbleed_cupid_img1.png\" target=\"_blank\" rel=\"nofollow\">SysValue<\/a><\/div>\n<\/figcaption><\/figure>\n<p>It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.<\/p>\n<p>Dubbed Cupid, the code comes in the form of two software 
extensions. The first gives wireless networks the ability to deploy &#8220;evil networks&#8221; that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers.<\/p>\n<p>The <a href=\"https:\/\/github.com\/lgrangeia\/cupid\/\" target=\"_blank\">release of Cupid<\/a> comes <a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping\/\" target=\"_blank\">eight weeks after the disclosure of Heartbleed<\/a>, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in &#8220;heartbeat&#8221; functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.<\/p>\n<aside class=\"pullbox sidebar story-sidebar right\">\n<h3 class=\"further-reading\">Further Reading<\/h3>\n<p><a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/vicious-heartbleed-bug-bites-millions-of-android-phones-other-devices\/\"><img data-recalc-dims=\"1\" height=\"150\" width=\"300\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/04\/Anopheles_stephensi-300x150.jpeg?resize=300%2C150\" alt=\"\" \/><\/a><\/p>\n<h2><a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/vicious-heartbleed-bug-bites-millions-of-android-phones-other-devices\/\" target=\"_blank\">Vicious Heartbleed bug bites millions of Android phones, other devices<\/a><\/h2>\n<p>Not the exclusive province of servers, Heartbleed can hack end users, too.<\/p>\n<\/aside>\n<p>Heartbleed is best known for giving end users the ability 
to pluck data out of vulnerable servers. But it turns out that the bug can be <a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/vicious-heartbleed-bug-bites-millions-of-android-phones-other-devices\/\" target=\"_blank\">used to the same effect against virtually any device<\/a> running an unpatched version of OpenSSL. Cupid streamlines the process of exploiting devices connecting over wireless networks that are secured using the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Extensible_Authentication_Protocol\" target=\"_blank\">extended authentication protocol<\/a> (EAP), which many large organizations use to password-protect access.<\/p>\n<p>&#8220;This is basically the same attack as Heartbleed, based on a malicious heartbeat packet,&#8221; Luis Grangeia, a partner and security services manager at SysValue and the creator of Cupid, wrote in a <a href=\"http:\/\/www.sysvalue.com\/en\/heartbleed-cupid-wireless\/\" target=\"_blank\">blog post published Friday<\/a>. &#8220;Like the original attack, which happens on regular TLS connections over TCP, both clients and servers can be exploited and memory can be read off processes on both ends of the connection. The difference in this scenario is that the TLS connection is being made over EAP, which is an authentication framework\/mechanism used in Wireless networks. It\u2019s also used in other situations, including wired networks that use 802.1x Network Authentication and peer to peer connections.&#8221;<\/p>\n<p>Grangeia said a client attacking a router doesn&#8217;t need to\u00a0have a valid password, although a valid username is sometimes required. That requirement isn&#8217;t much of a hurdle, however, since usernames are transmitted unencrypted, making them easy for an attacker to sniff over the air. Malicious\u00a0networks running Cupid need no user credentials to attack vulnerable clients. 
Among the clients that remain vulnerable are handsets running versions 4.1.0 and 4.1.1 of Google&#8217;s Android mobile operating system.<\/p>\n<p>The researcher said he hasn&#8217;t tested vulnerable routers to see exactly what kind of memory contents they will divulge in a Heartbleed attack. &#8220;Most of the memory is zeroed out, but cursory inspection found interesting stuff on both vulnerable clients and servers,&#8221; he wrote. &#8220;I can speculate that most likely the private key of the certificate used on the TLS connection is in memory. What can also be in memory is the user credentials used for authenticating the connection.&#8221;<\/p>\n<p>Most home networks are probably safe from Cupid since home and small office routers typically use <a href=\"http:\/\/en.wikipedia.org\/wiki\/Wi-Fi_Protected_Access\" target=\"_blank\">Wi-Fi Protected Access<\/a> without EAP for authentication. Wireless devices in corporations and other large organizations may be more susceptible, since EAP-capable routers often don&#8217;t receive updates in a timely fashion. Any smartphone or other type of client is vulnerable if it&#8217;s running wireless software that relies on an old version of OpenSSL.<\/p>\n<p>via <a href=\"http:\/\/arstechnica.com\/security\/2014\/06\/meet-cupid-the-heartbleed-attack-spawns-evil-wi-fi-networks\/\" target=\"_blank\">ArsTechnica<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Enlarge \/ A packet capture showing Cupid attacking a wireless network. 
SysValue &nbsp; &nbsp; It just got easier to exploit [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[242,475,774],"class_list":["post-5681","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-cupid","tag-heartbleed","tag-openssl"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1tD","jetpack-related-posts":[{"id":8278,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/13\/venom-vulnerability-more-dangerous-than-heartbleed-targets-most-virtual-machines\/","url_meta":{"origin":5681,"position":0},"title":"Venom vulnerability more dangerous than Heartbleed, targets most virtual machines","author":"NCCT","date":"May 13, 2015","format":false,"excerpt":"Researchers have uncovered a new bug that\u2019s much more dangerous than last year\u2019s Heartbleed vulnerability. Venom, short for Virtualized Environment Neglected Operations Manipulation, could allow an attacker to infiltrate a datacenter and take over its entire network. 
As ZDNet notes, most datacenters use virtual machines to segregate customers, allowing the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5958,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/10\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/","url_meta":{"origin":5681,"position":1},"title":"Crypto certificates impersonating Google and Yahoo pose threat to Windows users","author":"NCCT","date":"July 10, 2014","format":false,"excerpt":"People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties. 
A blog post published Tuesday by Google security engineer Adam Langley said\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6634,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/15\/google-discovers-vulnerability-in-ssl-3-0-dubbed-poodle\/","url_meta":{"origin":5681,"position":2},"title":"Google discovers vulnerability in SSL 3.0 dubbed &#8216;Poodle&#8217;","author":"NCCT","date":"October 15, 2014","format":false,"excerpt":"Google has published details of a vulnerability in the design of SSL version 3.0. The attack, referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows the plaintext of secure connections to be calculated by a network attacker according to a Google blog post on the matter. Despite the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6573,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/09\/analysis-wireless-data-caps-more-about-profit-than-congestion\/","url_meta":{"origin":5681,"position":3},"title":"Analysis: Wireless data caps more about profit than congestion","author":"NCCT","date":"October 9, 2014","format":false,"excerpt":"Wireless carriers like to say that monthly data caps are necessary to prevent heavy users from slowing down less active ones. 
After surveying the four biggest carriers this year, the US Government Accountability Office reported that \u201csome wireless ISPs told us they use UBP [usage-based pricing, i.e. data caps] to\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5871,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/01\/free-wi-fi-networks-in-sf-san-jose-enable-seamless-switching-with-hotspot-2-0\/","url_meta":{"origin":5681,"position":4},"title":"Free Wi-Fi networks in SF, San Jose enable seamless switching with Hotspot 2.0","author":"NCCT","date":"July 1, 2014","format":false,"excerpt":"San Francisco and San Jose are now at the cutting edge of another tech trend, and one that has nothing to do with smartwatches or social-media startups\u2014not directly, at least. The two cities have geared up their free public Wi-Fi networks so users can automatically get on both after going\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6754,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/31\/call-capable-samsung-gear-s-smartwatch-launches-nov-7-in-u-s\/","url_meta":{"origin":5681,"position":5},"title":"Call-capable Samsung Gear S Smartwatch Launches Nov 7 in U.S.","author":"NCCT","date":"October 31, 2014","format":false,"excerpt":"The Gear S will land on all four major U.S. wireless carriers Samsung delivered a bit of bad news this morning with its Q3 2014 earnings report, but the company is at least looking forward to making some waves in the wearables market with the official U.S. 
launch of its\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5681"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5681\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}