iOS mysterious issues on Freeradius 3.0.14

Alan DeKok aland at deployingradius.com
Thu Mar 23 14:54:36 CET 2017


On Mar 23, 2017, at 9:37 AM, Brian Julin <BJulin at clarku.edu> wrote:
> 
> Alan Dekok wrote:
> 
>> With sufficient (i.e. minor) hacks, they can even have the certificate use your university DNS name.
> 
> Would you care to elaborate?

  https://www.jisc.ac.uk/events/networkshop44-22-mar-2016/programme/day-three

  See the EAP-TLS presentation by Arran, slides 6 and following.

  Arran wrote a nice pwn tool which acted as a RADIUS server for any SSID you set up.  When a user (e.g. BJulin at clarku.edu) connects, the tool goes to the clarku.edu web site, and downloads any HTTPS certificate it finds.  It then uses the fields from that certificate to create a new server certificate that it presents to the user.

  Users who aren't sufficiently wary can click through any warning prompts.  Because the certificate has *all of the correct humanly-readable fields*.

  There are some caveats.  In its current state, it only works for users who don't have WiFi pre-configured.  So only they get the message of "unknown CA, do you wish to continue?"

  However... if you're willing to do a bit more work and spend more money, you could:

1) try to connect via PEAP at a university.  This should get you a copy of the CA and server cert used by the university.  And with Eduroam, you don't even need to be there in person!

2) if they use a public CA, pay the $3K or so to get a signing certificate issued by that CA

3) use that signing certificate to create your own server certificate... using the fields stolen from the real server certificate in step (1)

4) present the university's SSID to clients, with your own server cert, signing cert, and using the same CA as used by the university

5) people will connect and hand you all of their credentials.

  The benefit to this approach is that it should work even for users who already have WiFi pre-configured.  Because most supplicants historically have not cached the *server* certificate.  Instead, they only track the CA certificate.

  The main reason attackers don't do this is:

a) most people use self-signed CAs for RADIUS, which prevents the attack

b) even for people using public CAs, getting a signing cert costs money.

  But there is no *technical* reason which prevents this from happening.

  So lesson learned: ALWAYS USE A SELF-SIGNED CERTIFICATE FOR RADIUS.

  Anyone who uses a public CA for "ease of use" or "it's a public CA", or "it's secure" is doing entirely the wrong thing.  Stop it, now.  And I mean *now*.

  Alan DeKok.
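The following is an added example, not code from the post or from the FreeRADIUS project. It does with openssl what the "self-signed CA" lesson above asks for: it builds a private CA, issues an EAP server certificate from it, and then builds a second, rogue CA that issues a certificate with exactly the same CN and SAN (the "stolen fields" of steps 1 to 4 above). Against the private CA the real certificate verifies and the rogue one does not, because no signing certificate under that CA can be bought. The hostname radius.example.edu, the CA name, and the FreeRADIUS 3.0 and wpa_supplicant settings in the hints are assumptions for illustration; the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): a private CA for RADIUS/EAP
# with openssl, plus a rogue CA with cloned fields to show it is rejected.
# Assumed names: radius.example.edu, "Example University RADIUS CA",
# FreeRADIUS 3.0 layout under raddb/.  Needs the openssl CLI.

# make_ca DIR CN : self-signed CA; key in DIR/ca.key, cert in DIR/ca.pem
make_ca() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    cat >"$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = $cn
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
}

# issue_server_cert DIR HOSTNAME : server cert signed by DIR/ca.pem, carrying
# the fields a supplicant looks at (CN, DNS SAN, serverAuth EKU)
issue_server_cert() {
    dir=$1; host=$2
    cat >"$dir/server.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $host
EOF
    cat >"$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl req -newkey rsa:2048 -nodes -config "$dir/server.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 825 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.pem" >/dev/null 2>&1
}

# verify_chain CAFILE CERT : exit 0 if CERT chains to CAFILE, non-zero otherwise
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Where the files go (assumed FreeRADIUS 3.0 mods-available/eap, tls-config
# section) and the matching client-side pin (assumed wpa_supplicant syntax).
print_config_hints() {
    cat <<'EOF'
# FreeRADIUS raddb/mods-available/eap, inside tls-config tls-common { ... }:
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
ca_file = ${cadir}/ca.pem
# wpa_supplicant network block: trust ONLY the private CA and pin the name
ca_cert="/etc/ssl/certs/example-university-radius-ca.pem"
domain_suffix_match="radius.example.edu"
EOF
}

demo() {
    work=$(mktemp -d)
    make_ca "$work/real" "Example University RADIUS CA"
    issue_server_cert "$work/real" radius.example.edu
    # The attacker of steps 1-4: identical CN and SAN, but issued by a CA that
    # the real CA never gave a signing certificate to.
    make_ca "$work/rogue" "Example University RADIUS CA"
    issue_server_cert "$work/rogue" radius.example.edu
    if verify_chain "$work/real/ca.pem" "$work/real/server.pem"; then
        echo "real server cert: accepted by private CA"
    fi
    if ! verify_chain "$work/real/ca.pem" "$work/rogue/server.pem"; then
        echo "rogue server cert with cloned fields: rejected by private CA"
    fi
    print_config_hints
}

demo
```

The rogue certificate fails even though every human-readable field matches, which is the whole point: with a private CA the only thing that can pass is something signed by a key the attacker does not have. Note the supplicant side still has to be configured to trust only that CA; a client that trusts "any CA" gets no benefit.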