I've read on a few sites that it's possible to conduct MITM attacks over WPA2-secured connections. So for example I could replace the content of a site a user tries to access over HTTP. Is this true? If so, how? My understanding is that during the WPA2 handshake the router and the user exchange a secret and use it to encrypt all their communication. Is there simply a bug in the protocol or implementation?
2 Answers
WAP2 only secures the wifi against outsiders. Once you are in the inside, e.g. using the service, your transmission medium is considered trusted, and it is up to the other layers to use other means of security and/or encryption. Or put otherwise, the encryption done at WPA2 only is effective for who is kept outside the network.
Regular spoofing attacks techniques do work over wifi too albeit some professional equipments have mitigations measures.
Wifi gives you a emulation of a cable network connection once you are authenticated. ARP spoofing is done exploiting the way ethernet/layer 2 works. It does not matter which protocol authentication you are using, what it matters is that you are in an emulated ethernet connection for ARP spoofing to work. In an enterprise setting the complication is that broadcasts/ARP spoofing mitigation measures can exist as the equipment has more functionalities, but that got nothing to do with the authentication protocol.
Please also do keep in mind that while wifi is a shared medium, supplementary configurations can be done, like doing 802.1X and having VLANs inside wifi, and so effectively you will only be able to listen/spoof in the VLAN your login is authorised to access.
Far more serious than spoofing, is however if the wifi providers are compromised or bad actors. It is a child´s play to divert your requests via a untrustworthy DNS, and also routinely in wifi/captive web portals DNS requests for the outside are captured and divert to the internal DNSes.
Please see my other post in this thread for related considerations about hijacking browser connections.
Is HTTPS able to prevent ARP poison attack in LAN?
To put it simply, the above considerations are the reason why when you are in public wifis, it is advisable to use VPN technologies to protect yourself.
- 1,736
- 9
- 15
-
Can you please provide any useful documents or other reads on how WPA2-PSK (TKIP), WPA2-PSK (AES) differ in terms of MitM? Does the unique key used per connection for encryption mitigate any kinds of attacks, etc. ? Thanks – bayo Jan 17 '16 at 14:40
-
They dont differ that is the key. You do not attack the authentication protocol but the medium once you are authenticated, the medium is (shared) wifi. What you are asking is akin of asking "how can that guys over there swim in the pool and not in the river, when the water is protected from theft with water pipes". It really does not matter if they paid the pool entry with cash, credit card or have a monthly signature, what it matters is that they are inside. – Rui F Ribeiro Jan 17 '16 at 14:47
-
1I am still a bit confused because I don't get the point of computing different encryption keys for each client, when the encryption protects only from attackers outside of the network. I need to dig more into this, anyway Thanks. – bayo Jan 17 '16 at 14:51
-
I think I am getting it, finally. However, with WPA2-Enterprise this will be more tricky as the keys are derived completely independently for each client (no PSK), right? – bayo Jan 17 '16 at 15:00
-
1Wifi gives you a emulation of a cable network connection *once* you are authenticated. ARP spoofing is done exploiting the way ethernet/layer 2 works. It does not matter with protocol authentication you are using, what it matters is that you are in an emulated ethernet connection for ARP spoofing to work. In an enterprise setting the complication is that broadcasts/ARP spoofing mitigation measures can exist as the equipment has more functionalities, but that got nothing to do with the authentication protocol. – Rui F Ribeiro Jan 17 '16 at 15:03
-
Why doesn't WPA2 encrypt each user separately? The user and router already share a secret! – Elliot Gorokhovsky Jan 17 '16 at 17:05
-
The protocol is there for the security of the medium...as I said for extra encryption, use a VPN. The only similar medium technology where indeed every user is encrypted in a totally secure way in a shared medium, is DOCSIS for cable modem networks. – Rui F Ribeiro Jan 19 '16 at 13:35
-
1Oh!!! I understand the problem. The shared secret — the passphrase — is also shared by the attacker. – Elliot Gorokhovsky Jan 19 '16 at 19:31
-
Exactly. No small wonder most of the attacks on the encription protocol have as objective finding out the passphrase – Rui F Ribeiro Jan 19 '16 at 19:47
Sadly you have asked the question too early (Jan 2016) and the bug was actually found much later (2017):
WPA2 in its original design, was intended to defend against MITM attack (using the 4 way handshake).
So without this vulnerability, it is not possible to play MITM attack on it.
But because of this KRACK vulnerability (which resulted in the key resetting to zero, or so called "Key Reinstallation Attack - KRACK") iformation can be transfer as decrypted. The WPA2 password is still not leaked and kept secret, but is not used at all, as the zero key are used.
So if you communicate via HTTP, it can be MITM attack. Intruder does not know your WPA2 password and yet can MITM your HTTP traffic.
But if you communicate via HTTPS, MITM is not possible, as your client-end browswer will only recognize known public webserver, so your man-in-the-middle server will not authenticate successfully.
- 311
- 2
- 8
-
I think I was talking more about ARP spoofing, but this is really interesting too! – Elliot Gorokhovsky Apr 29 '18 at 19:37
-
WPA2 with its 4 way handshake, is to protect against MITM via arp spoofing, so Ettercap/bettercap will not work. Provided you don't know the WPA2 passphrase. :-). – Peter Teoh May 01 '18 at 01:37