
Evil Twins and WPA2 Enterprise: A Coming Security Disaster?

posted Jan 11, 2018, 7:53 AM by Alberto Bartoli   [ updated Jan 12, 2018, 1:01 AM ]
This post is an introduction to the research paper “Evil twins and WPA2 Enterprise: A coming security disaster?”, to appear in Computers & Security (Elsevier). Download link at the end of the post.

Would you trust a security technology that makes it possible (indeed, quite likely) to steal the single sign-on enterprise credentials of any specific person in your enterprise by merely walking within 30 meters of that person? The attacker does not need to do anything visible that might raise suspicion: a 50-euro device in a bag and a few seconds of physical proximity are all that is needed. The attack is carried out outside the enterprise premises, requires no Internet connectivity and requires no active cooperation from the target. Thus, the attack may occur anywhere and the target would not notice anything.

And what if that security technology made it possible (again, quite likely) to steal the single sign-on credentials of a large fraction of the people in your enterprise who happen to pass within 30 meters of an attacker? Perhaps at the canteen, near the bus station, or anywhere else outside the enterprise?

Of course, you would not trust such a security technology. Interestingly, though, a technology of this kind is nearly ubiquitous and implicitly trusted by many people and enterprises: WPA2 Enterprise, the suite of protocols for secure communication in wireless networks.

Scenarios like the ones outlined above are not a theoretical possibility. They are a reality whenever people connect to enterprise wireless networks with devices that are not configured correctly. While these issues are well known to practitioners (the technical details are discussed in the paper), the corresponding risks in the current technological landscape are not widely understood. The world today is very different from when WPA2 Enterprise was designed. First, everyone now carries a personal Wi-Fi device, and assuming that each device is configured correctly is simply unrealistic. Second, convergence toward single sign-on architectures means that network credentials unlock access to all services of the enterprise. It follows that attacks aimed at stealing network credentials from personal Wi-Fi enabled devices have become very attractive: they can be carried out quickly, simply and cheaply; the probability of success is high; if successful they deliver enterprise credentials; and, last but not least, they are hard to detect.

We show in the paper that, by just wandering around for a few hours in areas not covered by the legitimate wireless network, we collected 200 enterprise credentials. We also show that, by remaining for a few seconds at less than 35 meters from a specific (voluntary) target, one can steal his or her enterprise credentials, even when the target is sitting in a car with closed windows. Our experience is based on eduroam, the wireless infrastructure that federates thousands of universities and research institutes across the world and that performs billions of authentications each year, but our findings are more general, as they are intrinsic to WPA2 Enterprise.

A security technology that puts enterprise credentials at risk in many, if not most, of its practical deployments is no longer acceptable, all the more so because those risks are not only underestimated but also result from a design that is not secure by default.

An off-the-shelf device cannot connect to an enterprise wireless network securely unless the user configures it correctly; in practice this means telling the device which certificate authority and which server name to expect from the authentication server, because otherwise the device accepts whatever server answers on the expected SSID. The problem is that a device connects even when the configuration is not correct, and the resulting connection is simply not secure. This is no longer acceptable. Consider an off-the-shelf device: we can connect it securely to an HTTPS server whose name is known, but we cannot connect it securely to a WPA2 Enterprise network whose name (SSID) is known.
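The misconfiguration discussed above can be checked mechanically. The following Python script is an added example written for this post, not code from the paper or from any supplicant project: it parses wpa_supplicant-style `network={...}` blocks and flags clients that would complete the EAP exchange with an evil twin. The three sample configurations (SSID, identities, passwords and certificate paths) are constructed for the example; the parameter names (`ca_cert`, `ca_path`, `domain_suffix_match`, `subject_match`, `altsubject_match`, `anonymous_identity`) are wpa_supplicant's documented ones.

```python
"""Audit wpa_supplicant network blocks for the evil-twin misconfiguration.

A WPA2 Enterprise client that does not pin a CA *and* a server name for the
RADIUS server will finish EAP-PEAP/EAP-TTLS with any access point that
broadcasts the SSID, handing its inner credentials to the attacker.
"""
import re

# Constructed sample configurations (not taken from the paper).
INSECURE_CONF = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.edu"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
"""

# System CA bundle but no name check: a certificate from any public CA works.
PUBLIC_CA_CONF = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.edu"
    identity="alice@example.edu"
    password="hunter2"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    phase2="auth=MSCHAPV2"
}
"""

# Hardened: trust only the enterprise CA and require the RADIUS server name.
SECURE_CONF = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.edu"
    identity="alice@example.edu"
    password="hunter2"
    ca_cert="/etc/ssl/certs/example-edu-radius-ca.pem"  # assumed path
    domain_suffix_match="radius.example.edu"           # assumed server name
    phase2="auth=MSCHAPV2"
}
"""

EAP_KEY_MGMT = {"WPA-EAP", "WPA-EAP-SHA256", "WPA-EAP-SUITE-B", "WPA-EAP-SUITE-B-192"}
NAME_CHECK_KEYS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")
SYSTEM_BUNDLE_HINTS = ("ca-certificates", "/etc/ssl/certs/", "/usr/share/ca-certificates")


def parse_network_blocks(text):
    """Return one dict per network={...} block; comments and quotes are stripped."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        params = {}
        for raw in body.splitlines():
            line = raw.split("#", 1)[0].strip()
            key, sep, value = line.partition("=")
            if sep:
                params[key.strip()] = value.strip().strip('"')
        blocks.append(params)
    return blocks


def audit_network(params):
    """Return (severity, message) findings for one block; PSK/open blocks yield none."""
    findings = []
    if not EAP_KEY_MGMT & set(params.get("key_mgmt", "").split()):
        return findings
    ssid = params.get("ssid", "?")
    anchor = params.get("ca_cert") or params.get("ca_path")
    has_name_check = any(k in params for k in NAME_CHECK_KEYS)
    if not anchor:
        findings.append(("HIGH", f"{ssid}: no ca_cert/ca_path, the server certificate is never "
                                 "validated and any evil twin completes the EAP exchange"))
    elif not has_name_check:
        if any(h in anchor for h in SYSTEM_BUNDLE_HINTS):
            findings.append(("HIGH", f"{ssid}: system CA bundle without a server-name check, "
                                     "a certificate from any public CA is accepted"))
        else:
            findings.append(("MEDIUM", f"{ssid}: no domain_suffix_match/subject_match, any "
                                       "certificate chaining to the configured CA is accepted"))
    if "anonymous_identity" not in params and params.get("eap", "").upper() in ("PEAP", "TTLS"):
        findings.append(("LOW", f"{ssid}: outer identity is the real username and is sent in "
                                "cleartext before the TLS tunnel exists"))
    return findings


def audit_config(text):
    """Audit every network block in a wpa_supplicant.conf-style text."""
    return [f for block in parse_network_blocks(text) for f in audit_network(block)]


if __name__ == "__main__":
    for name, conf in (("insecure", INSECURE_CONF), ("public CA", PUBLIC_CA_CONF), ("secure", SECURE_CONF)):
        print(name, audit_config(conf) or "OK")
```

The same three checks apply to any supplicant: a trust anchor, a pinned server name and a distinct outer identity. The first two decide whether an evil twin can finish the handshake at all; the last only limits what an eavesdropper learns when it cannot.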

It is not a matter of which cryptographic protocols or primitives are used; it is a matter of usability of the technology. In this respect, the recent news about the next generation of wireless protocols (WPA3) is not very encouraging, as there is no mention of usability or of secure-by-default connection.

In the research paper we elaborate on the above issues (which we also compare to the recently disclosed KRACK vulnerability) and suggest a direction for investigating practical solutions that offer stronger security without requiring any overhaul of existing protocols.

The download link will be active for 50 days from January 11th. After that, please drop an email to Comments and criticisms are most welcome.

Please feel free to share this post and the download link: