A recent post on AvertLabs.com reveals a method of attacking PEAP and EAP/TTLS authentication on wireless networks. The attack involves impersonating a wireless access point and hoping the client fails to examine the authentication server’s certificate.

The severity of this issue is further escalated when the client is configured not to validate the server certificate at all. Unfortunately, this is the most common configuration I’ve seen used within organizations. It should be noted that because this is a configuration-related attack, [Windows Zero Configuration] is not the only vulnerable client supplicant. OS X’s client, Juniper’s Odyssey Client, and virtually every other wireless supplicant are vulnerable as well.

When using wireless communications, it pays to be extra cautious. The author provides a link to his whitepaper on 802.11 attacks, which is a nice look at the many different ways to hack wireless networks. I recommend looking through it as a reminder of how important it is to be aware of what you are sending into the air.
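To check a client for the misconfiguration described above, the following added example (not from the original post or the AvertLabs article) audits a wpa_supplicant configuration for PEAP and EAP/TTLS networks that skip server certificate validation. It assumes wpa_supplicant as the supplicant, which the post does not name; the sample configuration is constructed and `audit` is a hypothetical helper name.

```python
import re
# Constructed sample wpa_supplicant.conf; SSIDs, paths and domains are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-ca-only"
    eap=TTLS
    ca_cert="/etc/ssl/certs/corp-ca.pem"
}
network={
    ssid="corp-pinned"
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
'''

TUNNELED = {"PEAP", "TTLS"}
NAME_CHECKS = ("domain_match", "domain_suffix_match", "subject_match", "altsubject_match")

def audit(conf_text):
    """Return {ssid: [findings]} for PEAP/TTLS networks with weak server validation."""
    report = {}
    for block in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", conf_text, re.S):
        kv = {}
        for line in block.splitlines():
            k, sep, v = line.strip().partition("=")
            if sep and not k.startswith("#"):
                kv[k.strip()] = v.strip().strip('"')
        if not TUNNELED & set(kv.get("eap", "").upper().split()):
            continue  # not a tunneled EAP method, out of scope here
        findings = []
        if "ca_cert" not in kv:
            findings.append("no ca_cert: server certificate is not validated")
        if not any(k in kv for k in NAME_CHECKS):
            findings.append("no server name match: any cert from a trusted CA is accepted")
        if findings:
            report[kv.get("ssid", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Only the network that sets both a CA certificate and a server name constraint passes; a CA alone still lets any certificate issued by that CA stand in for the authentication server.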