Loading…
44CON 2017 has ended
Wednesday, September 13 • 19:45 - 20:44
Gabriel Ryan - The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots

Sign up or log in to save this to your schedule and see who's attending!

Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the weak perimeter security provided by EAP-TTLS and EAP-PEAP, many organizations use port based NAC appliances to prevent attackers from pivoting further into the network after the wireless has been breached. This solution is thought to provide an acceptable balance between security and accessibility.

The problem with this approach is that it assumes that EAP is exclusively a perimeter defence mechanism. In a wireless network, EAP plays a subtle and far more important role. WPA2-EAP is the means through which the integrity of a wireless network’s physical layer is protected. Port-based access control mechanisms rely on the assumption that the physical layer can be trusted. Just as NACs can be bypassed on a wired network if the attacker has physical access to the switch, they can also be bypassed in a wireless environment if the attacker can control the physical layer using rogue access point attacks.

In this presentation, we will apply this concept by presenting a novel type of rogue access point attack that can be used to bypass port-based access control mechanisms in wireless networks. In doing so, we will challenge the assumption that reactive approaches to wireless security are an acceptable alternative to strong physical layer protections such as WPA2-EAP using EAP-TLS.

Speakers

Wednesday September 13, 2017 19:45 - 20:44
*Track 1*

Attendees (20)