In this third and final part of this series, we provide our conclusions about OWE’s ability to address the current wireless threat model, as well as our proof-of-concept attacks against the protocol.
Tag: eaphammer
In this second part of the series, we’ll provide an overview of how OWE works. There are already some good write-ups that provide this info at a high level, so this will be more of a hands-on technical deep dive.
In early 2019, fellow Denver-based researcher Steve Darracott (@theDarracott) and I set out to answer the question — “is Opportunistic Wireless Encryption (OWE) susceptible to abuse and attack, and if so, how?”. Ultimately, we succeeded in implementing multiple working proof-of-concept attacks, which we demonstrated at the DEF CON Wireless Village last summer. This series of blog posts documents our research efforts and conclusions, and discusses how OWE fits into the current wireless threat model.
EAPHammer version 0.9.0 was released back in June 2019, and introduced the ability to execute both GTC and generic EAP downgrade attacks. Due to issues…
The latest version of EAPHammer greatly expands its ability to generate, import, and manage private keys and X.509 certificates. This post describes these new features in detail and provides the necessary background information to understand why these new features were needed.
EAPHammer now relies on its own local build of OpenSSL that exists independently of the build used by the operating system. This local OpenSSL build is linked to EAPHammer during the initial setup process, and is compiled with support for SSLv2/3 along with an array of weaker cipher suites that may be needed to communicate with legacy clients. Additionally, EAPHammer’s version of hostapd has been patched to allow SSLv2/3 support.
As of version 0.4.0, EAPHammer supports the ability to perform password spraying attacks against WPA2-EAP wireless networks.