Expert releases Cisco wireless hacking tool

The hacking tool targets networks using the LEAP wireless authentication protocol

By Paul Roberts

April 8, 2004 12:00 PM ET

Recommended

IDG News Service - One day after it disclosed a security vulnerability in a wireless networking product (see story), Cisco Systems Inc. must contend with a new threat -- the long-promised release of a hacking tool that targets wireless networks running its LEAP wireless authentication protocol.
The tool, called Asleap, allows users to scan the wireless network broadcast spectrum for networks using LEAP (Lightweight Extensible Authentication Protocol), capture wireless network traffic and crack user passwords, according to a message posted to the Bugtraq online security discussion group yesterday.
Cisco didn't immediately respond to requests for comment.
The tool was designed to compromise WLANs using LEAP with so-called dictionary attacks that exploit weakly protected passwords, according to the message, which purports to be from Joshua Wright, a network engineer at Johnson & Wales University in Providence, R.I. Wright made headlines last year after he publicized the password vulnerability in LEAP (see story).
A demonstration of the Asleap tool in August at the DEFCON security conference prompted Cisco to issue a bulletin to customers warning of LEAP's vulnerability to dictionary attacks.
The tool uses off-line dictionary attacks to break LEAP passwords. In such attacks, malicious users must capture WLAN traffic in which legitimate users try to access the network. Next, the attacker analyzes that traffic off-line and tries to guess the password by testing long lists of possible values from a "dictionary" of terms, eventually "guessing" the correct value.
Wright's tool makes it easy to capture the required log-in traffic by allowing attackers to spot WLANs using LEAP and then deauthenticate users on the WLAN, forcing them to reconnect and re-enter their user name and password. That makes capturing the wireless traffic with hidden password information easy, Wright said.
The tool also allows attackers to scour large dictionaries of terms, comparing approximately 45 million possible values per second to the captured authentication traffic to guess the password and break LEAP's security, he said.
After sending a copy of the tool to Cisco in August, Wright agreed to wait for the company to find a more secure replacement for the protocol before releasing his tool to the public. In February, Cisco unveiled a new WLAN security protocol designed to stop dictionary attacks called Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) (see story).
In his latest message, Wright said he was releasing the tool to the public to help LEAP users "evaluate the risks of using LEAP as a mechanism to protect the security of wireless networks." Wright also posted a link to a Web page where

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Cybercrime/Hacking

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.