See why we added comments to this site? Discussion isn’t just fun, it’s productive, too 🙂
OK, the article below isn’t such a great idea after all – having an open pre-shared key for WPA WiFi access points protects only those people who connect to the WiFi network before a miscreant comes along. Miscreants who sit in Starbucks all day nursing an UeberGrande Triple Height MegaVol can recover the session contents from those who join the WiFi network after they do.
Thanks to all those who commented. Scrub this plan. As many of you said, and as we have always agreed, the problem remains the lack of end-to-end encryption in web transactions which include personal data of any sort. Onwards and upwards!
The original article follows for completeness…
The recent hubbub around Firesheep has provided me with a golden opportunity to Venti my views on public WiFi hotspots and present my Grande Plan.
All of the attention (as intended) resulting from the release of Firesheep has been focused on the service providers and how they should be using SSL/TLS to protect users’ sessions. That’s great, even if I would have preferred a more delicate approach to proving the point.
But I think it’s the right answer to the wrong question.
The right question is this: why is “public WiFi” always synonymous with “unencrypted WiFi?” Encryption has been a basic component of WiFi technology since the first versions of 802.11 were approved. I wouldn’t suggest we go back to using WEP like we did in the early days, but even WEP is an improvement over nothing.
While Facebook and other companies should be providing us secure methods of connecting to their services, those companies kind enough to provide us with free internet access at cafes, airports and other public places are also part of the problem.
I propose standard adoption of WPA2 and a default password of “free”. Whenever you wish to connect to complimentary WiFi, you select “Courtyard Marriott” or “Starbucks” like you always have, but you are then prompted for a password.
Just type “free”. It’s not hard. In fact, operating system vendors could even program your PC to automatically try the password “free” before prompting you for a password on the assumption that you might be selecting a free service.
What is the value of a password if it is a “well-known secret?” WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another’s traffic even when sharing access on the same access point. This is not true for WEP, but nearly all 802.11g access points (the most common) support WPA2 and can provide safe, convenient, free internet access.
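The per-client keys described above are only as private as the secret they are derived from. In WPA2-Personal the pairwise master key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, and the per-session pairwise transient key is then derived from that PMK during the four-way handshake. The following added example (not code from the original post or from Sophos) derives the PMK in Python and checks two things a practitioner would want to verify: that WPA2 rejects a four-character passphrase such as "free" (the standard requires 8 to 63 printable ASCII characters), and that every station joining the same SSID with the same passphrase ends up holding the identical PMK. The client MAC addresses are constructed sample values; the SSID "IEEE" / passphrase "password" pair is the published test vector from IEEE 802.11i.

```python
import hashlib

# WPA2-Personal passphrase limits from IEEE 802.11i (Annex H): 8..63 printable ASCII chars.
MIN_PASSPHRASE_LEN = 8
MAX_PASSPHRASE_LEN = 63
PBKDF2_ITERATIONS = 4096   # fixed by the standard
PMK_LEN_BYTES = 32         # 256-bit PMK


def validate_passphrase(passphrase: str) -> bool:
    """Return True if the passphrase is one a WPA2-Personal access point would accept."""
    if not MIN_PASSPHRASE_LEN <= len(passphrase) <= MAX_PASSPHRASE_LEN:
        return False
    return all(32 <= ord(ch) <= 126 for ch in passphrase)


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the pairwise master key exactly as a WPA2-Personal station does:
    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    if not validate_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN_BYTES,
    )


def pmks_for_clients(ssid: str, passphrase: str, client_macs: list[str]) -> dict[str, str]:
    """Map each client MAC to the hex PMK it would derive when joining this SSID.
    Note that nothing about the client itself enters the derivation."""
    pmk_hex = derive_pmk(ssid, passphrase).hex()
    return {mac: pmk_hex for mac in client_macs}


def pmk_is_shared(ssid: str, passphrase: str, client_macs: list[str]) -> bool:
    """True when all listed clients hold the same PMK, i.e. the PSK gives no per-client secrecy."""
    return len(set(pmks_for_clients(ssid, passphrase, client_macs).values())) == 1


if __name__ == "__main__":
    # Constructed sample stations joining a hypothetical cafe network with a shared passphrase.
    sample_clients = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]

    print("'free' accepted by WPA2-Personal?", validate_passphrase("free"))        # False
    print("'freefree' accepted?", validate_passphrase("freefree"))                 # True

    for mac, pmk in pmks_for_clients("FreeCafeWiFi", "freefree", sample_clients).items():
        print(mac, pmk)
    print("all clients share one PMK:", pmk_is_shared("FreeCafeWiFi", "freefree", sample_clients))

    # Standard test vector: SSID "IEEE", passphrase "password".
    print("802.11i vector PMK:", derive_pmk("IEEE", "password").hex())
```

The SSID acts only as a salt, so a second access point advertising the same name accepts the same passphrase and yields the same PMK; the passphrase is the sole secret, and once it is public the per-session keys negotiated from it protect only against parties who do not know it.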
This is a golden opportunity for a high-profile provider of free WiFi to step up and show us how easy it is. I chose to call on Starbucks because they have a demonstrated policy of trying to do the right thing. In fact, their website says
“..we dedicated ourselves to earning the trust and respect of our customers, partners and neighbors. How? By being responsible and doing things that are good for the planet and each other.”
Starbucks partners with AT&T in the United States and Bell in Canada to provide their service. I am confident they both possess the expertise and staff to quickly convert Starbucks stores from providing fast, reliable internet access to providing fast, reliable and SECURE internet access.
Do you provide guest WiFi? Join my movement to provide a safer internet for everyone by making sure you provide secure wireless access. If you care enough to provide networking to your friends, neighbors, or customers, help them enjoy it securely.
Just use an encrypted VPN like http://proxpn.com
You can always put the password in the SSID as it can be up to 32 chars in length, i.e. "Starbucks – the password is free"
"What is the value of a password if it is a "well-known secret?" WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another's traffic even when sharing access on the same access point. This is not true for WEP, but nearly all 802.11g access points (the most common) support WPA2 and can provide safe, convenient, free internet access."
This statement is actually misleading. While WPA2 would negotiate a unique encryption key for every computer it connects to, the key itself is generated using the name assigned to the SSID of the WiFi network along with the password.
An attacker with knowledge of both the SSID of the network and the password could easily capture the traffic from the WiFi network and then decrypt it using a rainbow table.
In fact you've made the decryption so trivial at this point that the most difficult part of his job would actually be downloading the rainbow table itself.
So you'd really just be giving those users at Starbucks a false sense of security.
That is true to an extent. The fact of the matter is it would take a determined attacker to extract the information from a WPA2 secured network using a "well known secret" as opposed to any random person who installs a Firefox plugin.
The better solution is for Facebook, Hotmail and everyone else to actually switch over to SSL/TLS and for network providers to at least make an effort to shield people from "script kiddie" interceptions. If most sessions are SSL and your WiFi is encrypted to provide you with basic privacy (can't sniff your DNS requests, etc.) I consider that a step forward.
For it to be a false sense of security, you have to have some expectation of security to begin with. That is the problem. Many users of public WiFi don't understand that it is totally insecure now. Those that do understand should continue to use VPNs, SSH tunnels and other protective mechanisms regardless of access method.
I agree completely with having SSL/TLS on facebook. And yet I still don't recommend the encryption on public access WiFi.
Posting a sign in Starbucks that says: "This WiFi network is completely unprotected. As such, any surfing or other activity may be subject to eavesdropping from unknown parties. Please do not use this network for processing banking or any other similar activities."
is way better in my opinion than a sign saying: "This WiFi network is protected. — However there is still the possibility a determined attacker could bypass this network's protection and gain access to any communications transmitted along this network. — Please use the password "free" to access it."
To use an analogy, the first sign tells you hands down the car I'm getting into doesn't have airbags or a seat belt.
The second sign, no matter how you word it is going to say the car you're getting into does have air bags and a seat belt but there's no guarantee they'll actually work as intended in the event of a collision.
Which information would you rather have?
I agree with Chester – the fact is that anyone determined enough can tap into the Ethernet cable infrastructure too – so raising the bar from "wide open" to "it takes some effort" puts the wireless infrastructure on par with the copper.
Using end-to-end encryption is the only way to really deal with this. I'm pushing all of my customers to do this.
So really, I'm just arguing for not having any security at all on public WiFi because there would be no false expectations and anyone who gets their traffic snooped on an open network knew full and well what the risks were beforehand.
You don't need rainbow tables if you already know the WPA passphrase… just use airdecap. You'll need however the initial handshake between the client and AP.
BTW, the passphrase must be at least eight characters long. So "test" just won't cut it.
I'm not really sure "free" as password is a great idea, since a password in WPA2 is nothing but a pre-shared secret, which in turn is then used to create a unique key. The problem is, when everyone uses the same password, everyone will end up with the same key, which in intended use is shared between client and access point, but if someone else knows the password he will be able to come up with the same key.
Later on WPA2 uses this key derived from the password (called Pairwise Master Key, PMK) to negotiate new keys (called Pairwise Transient Key, PTK) to encrypt the actual payload, but if you're there while one of these PTKs gets negotiated by use of the PMK, which will happen at the beginning of the session, and periodically during the session, then you will be able to tap this, and therefore also the whole conversation. (See also http://en.wikipedia.org/wiki/IEEE_802.11i-2004)
That's why it is suggested not to use easily guessable passwords for WPA2:
http://techviewz.org/2009/04/test-attack-wpa-psk-…
You might say now it's better to have some encryption instead of none, but I think that's even more dangerous, because people now will actually think they are secure, and will therefore feel at ease to do more dangerous stuff, while a black hat will actually have just little more inconvenience to decrypt it first based on the password he knows. In fact, a black hat might even be more attracted to such hot spots because he knows people feel more at ease to do dangerous things there.
Even easier. You just put a deauthentication spoofer into Firesheep. This forces every station on the network to do the four-way pairwise handshake again, which creates PTKs, and which can be sniffed as you can get the nonces and you know the Pairwise Master Key since you have the WPA/WPA2 Personal password. No rainbow tables required.
It would be trivial to integrate aircrack-ng into Firesheep and create Firecracker or some such. Because it can be done, it almost certainly will be done.
It'd be nice if it could support OTPs, perhaps linked to the cash register system so when you buy a product you get a key to the network.
Also, there's a hotel in Chicago (it's at 1 Upper Wacker, forgot which hotel though) which has a pay connection that is open, but once you pay (through SSL) you somehow get switched over to a WPA2 (I think?) secured connection.
That's confusing but apparently doable.
As other commenters have noted, the encryption keys used in WPA-PSK are derived from the pre-shared key (the ‘password’) so a well known password would not prevent a successful sidejacking attack such as Firesheep. It does make things more difficult for the attacker, but may not be worth the hassle to users and present a false sense of security.
I have done some research (here: http://riosec.com/open-secure-wireless) on the topic of open secure wireless, with surprising results. The existing EAP-TLS standard allows for establishment of a secure connection (similar to how HTTPS sites work) without the need for a password or client certificate. Although it’s RFC compliant and basically works now, it would require vendor support for usability. I need help with communicating the idea to the WiFi Alliance, vendors, and anyone who can work on making this a reality.
Thanks,
Christopher
We have another approach that would provide secure open wireless while eliminating concerns about everyone having the same key and rogue access points using the name "starbucks."
http://blogs.iss.net/archive/WirelessSolution.htm…
Don't forget about the WPA2 Hole196 vulnerability that allows users to sniff and decrypt other users' traffic. http://bit.ly/9cAHzk
The only problem is WPA2 currently needs at least 8 characters for a password.
Steve Gibson brought this up a couple of weeks ago:
http://steve.grc.com/2010/10/28/instant-hotspot-p…
Wireshark does automatic WPA2 decryption for any clients that update their PTK while you are listening. What blocks Firesheep from doing the same with the next update?
While this is a good idea, all that it will produce in the short term is an arms race.
Deauth packets -> AP DOS -> ARP spoofing -> DHCP server on your laptop…
Short of sites that have sensitive information switching to SSL, it’s not an arms race that you can win.
Pablo beat me to it. Maybe you could try 'freefree' or 'FreeFree' or 'completelyfree' or something. That would be a good standard.
a) "free" is too short a password for WPA2
b) wireshark can decrypt WPA2 traffic
How this guy can work in a security company and even post an article about this, I don't know…
This article is embarrassingly naive.
This is akin to using a combo-lock to secure your home, but leaving the combination in plain sight.
Adding 1 more step that can be integrated into an automated attack tool like "FireSheep"… my mind is blown at how asinine this is.
I proposed a more secure solution back in 2007. http://zd.net/dbHTIH
You don’t even need to bother with any specific username and password. I discussed this with Microsoft engineers and we talked about how it could even be a blank username/password or any username/password so that just about anyone can connect.
Your solution calls for the use of WPA-PSK which is not secure when everyone knows the PSK. That’s because you can sniff the initial connection and derive the unique session key.
George Ou
George is totally right. 802.1X with PEAP (or any secured tunnel) doesn't allow same-network users with the same user name and password to obtain the key. It's trivial with WPA-PSK.
I've written a lengthy reply about your proposal at https://pyrit.wordpress.com/2010/11/10/security-h… to which I may refer you.
"The argument is well-intended which however does not protect it from being completely false and misguiding due to a lack of understanding how WPA/WPA2-PSK works. The proposal boils down to security theatre where means are provided to make people feel safer while in fact they are not."
Why not accept any password, so the key would be different for everyone?
This advice is wrong on a number of levels. Turning on wireless encryption will not stop this kind of attack. What will stop it is proper secure session management on the part of the services targeted like Facebook.
Let's for a moment consider that maybe there's some secret WiFi crypto protocol that would work in the context of what you've proposed and take that off the table.
What's to stop the public WiFi owner from plugging the WiFi AP into a hub before going to their egress router? All traffic would be viewable by all connected devices. What's to stop someone from ARP poisoning the network? What's to stop the owner of the WiFi network from viewing all traffic moving past their gateway? What's to stop someone from bringing up an evil twin network to view all traffic moving past their gateway?
You've not proposed a solution, rather you've introduced confusion. The only answer here is to fix this problem at the web application layer, period, end of story. Any other solution, including using VPN services misses the point of why FireSheep was released.
What’s the big deal with unencrypted connections? Things that need to be encrypted are sent over SSL. The whole damn point of SSL is to encrypt things that need it, and most things don’t require that unless you’re a black helicopter conspiracy theorist.
If you require any action on the part of the public such as expecting them to know they have to enter some kind of idiotic password, you will only introduce headaches.
Besides, if you’re interested in getting useful data, only a moron would sit in a starbucks sifting through endless gigabytes of data while people stream, chat, surf, or whatever hoping for useful info to be transmitted in clear text.
Much easier and more effective to distribute a useful app that people voluntarily download and install themselves, install hardware keyloggers on physically accessible machines, or just get a peon level job in any business that has anything to do with health or finance.
The problem with this suggestion is the inherent trust relationship that WPA Personal Mode (Pre-Shared Keys) has with everyone that knows the password. However, this suggestion does help reduce exposure for situations such as Google Streetview WiFi collection.
To help accomplish what is being suggested here, public WiFi points should have two SSIDs:
SSID 1: "Free Wifi SignUp" would be an open WiFi which only provides SSL access to a server which allows people to create accounts (username and password).
SSID 2: "Free Secure Wifi" would be a WPA Enterprise encrypted network to the Internet.
Given that several free WiFi systems require sign-up or sign-in anyway, switching to a method that supports WPA Enterprise should not be that hard. A standardized SOAP-based registration system could also be created to make automation of the system easier.