Information Security Newspaper | Hacking News (https://www.securitynewspaper.com/)

Blast-RADIUS Attack Exploiting Critical RADIUS Flaw Could Compromise Your Network
https://www.securitynewspaper.com/2024/07/11/blast-radius-attack-exploting-critical-radius-flaw-could-compromise-your-network/
Thu, 11 Jul 2024 20:50:16 +0000
The Blast-RADIUS vulnerability represents a critical flaw in the RADIUS (Remote Authentication Dial-In User Service) protocol, which has been a cornerstone of network security for over three decades. Discovered recently, this vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to networks, leading to potential man-in-the-middle (MitM) attacks.

Understanding RADIUS

RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. It is widely used in various applications, including internet service providers, corporate networks, and wireless networks.

The Vulnerability: CVE-2024-3596

The vulnerability, identified as CVE-2024-3596, leverages an inherent flaw in the RADIUS protocol’s MD5 Response Authenticator. This design flaw allows attackers to perform an MD5 collision attack, manipulating the integrity checks and forging authentication messages.

How the Blast-RADIUS Attack Works

The Blast-RADIUS attack exploits a critical flaw in the RADIUS (Remote Authentication Dial-In User Service) protocol, which has been widely used for network authentication since 1991. This vulnerability allows attackers to perform a man-in-the-middle (MitM) attack and gain unauthorized access by forging authentication responses. Here’s a detailed look at how this attack works:

Key Components of RADIUS

  1. Network Access Server (NAS): Acts as a client that verifies an end user’s credentials by sending RADIUS requests to a central server.
  2. RADIUS Server: Responds to NAS with Access-Accept or Access-Reject messages based on the verification of user credentials.
  3. Shared Secret: A fixed secret known only to the NAS and the RADIUS server.
  4. Request Authenticator: A 16-byte random value included in request packets.
  5. Response Authenticator: An MD5 hash value used to integrity-protect server responses.

Attack Mechanics

  1. Adversary Interception: The attacker positions themselves between the RADIUS client (NAS) and the RADIUS server. They can intercept and modify the communication.
  2. Crafting Malicious Proxy-State Attribute: The attacker injects a malicious Proxy-State attribute into a legitimate client’s Access-Request packet. This attribute is designed to be echoed back by the server in its response.
  3. MD5 Collision Attack: The attack exploits the MD5 hashing algorithm’s vulnerability to chosen-prefix collisions. Here’s a step-by-step breakdown:
    • Chosen-Prefix Collision: Given two distinct prefixes P1 and P2, the attacker computes gibberish blocks G1 and G2 such that MD5(P1 || G1) = MD5(P2 || G2). This means the attacker can create two different messages that produce the same MD5 hash.
    • Access-Reject and Access-Accept Collision: The attacker predicts the format of the server’s Access-Reject response and creates a fake Access-Accept response. Using the MD5 collision technique, the attacker ensures that both responses have the same MD5 hash value.
  4. Response Authenticator Forgery: The server computes the Response Authenticator as MD5(Code || ID || Length || Request Authenticator || Packet Attributes || Shared Secret). By including the malicious Proxy-State attribute, the attacker ensures the Response Authenticator for the fake Access-Accept matches the legitimate Access-Reject response.
  5. Packet Replacement: The attacker intercepts the server’s Access-Reject response and replaces it with the forged Access-Accept response, keeping the Response Authenticator intact.
  6. Unauthorized Access: The NAS receives the forged Access-Accept response and grants the attacker access to network resources, believing the server has authenticated them.

Detailed Attack Steps

  1. Initial Access-Request: The attacker sends an Access-Request with an arbitrary incorrect password. The request includes a random Request Authenticator value.
  2. Prediction of Access-Reject: The attacker predicts the server will respond with an Access-Reject message.
  3. MD5 Collision Computation: The attacker computes a chosen-prefix collision between the predicted Access-Reject and a forged Access-Accept response, resulting in RejectGibberish and AcceptGibberish strings.
  4. Modified Access-Request: The attacker includes RejectGibberish in the Access-Request as a Proxy-State attribute.
  5. Server Response: The server processes the request, decides to reject it, and sends an Access-Reject response with RejectGibberish and a computed Response Authenticator.
  6. Interception and Replacement: The attacker intercepts the Access-Reject, replaces it with the forged Access-Accept, and sends it to the NAS.
  7. Access Granted: The NAS verifies the Response Authenticator, which matches the forged Access-Accept, and grants network access to the attacker.

Blast-RADIUS Attack: Simple Explanation

Imagine you’re playing a game where your friend is the game master, and they have a special secret code to allow or deny people to play. This secret code is like a password that both you and your friend know, but no one else does. Now, let’s say a sneaky person wants to play the game without knowing the password. They can use a trick called the Blast-RADIUS attack to fool your friend into thinking they are allowed to play.

How the Attack Works

  1. Interception: The sneaky person (attacker) sits between you (the player) and your friend (the game master). They can see and change messages sent between you two.
  2. Fake Messages: You send a message to your friend with your name and password. The attacker catches this message and changes it a little bit by adding some special, meaningless words.
  3. Predicting Responses: The attacker knows that if the password is wrong, your friend will send a message saying “no, you can’t play.” They predict what this “no” message looks like.
  4. MD5 Collision: The attacker uses a special trick called an MD5 collision. Think of it like finding two different jigsaw puzzle pieces that fit perfectly in the same spot. They make a fake “yes, you can play” message that looks the same as the “no” message to your friend.
  5. Switching Messages: When your friend sends the “no” message back to you, the attacker catches it again and replaces it with the fake “yes” message. Since the fake message fits perfectly, your friend doesn’t realize it was changed.
  6. Gaining Access: You receive the fake “yes” message, thinking your friend has allowed you to play, even though your password was wrong.

Why It Matters

This attack is dangerous because it tricks the system into giving access to someone who shouldn’t have it. It’s like letting a stranger into your secret clubhouse because they made a fake membership card that looks real.

Is the Blast-RADIUS Attack Practical?

The practicality of the Blast-RADIUS attack is a nuanced issue. Here’s a detailed breakdown:

Proof-of-Concept Feasibility

  • Running Time: In proof-of-concept attacks, computing the MD5 chosen-prefix hash collision required for the attack took between 3 and 6 minutes. This is longer than the 30- to 60-second timeouts typically used in practice for RADIUS authentication.
  • Parallelization: The collision algorithm used in the attack can be parallelized, meaning that with the right resources, the attack time can be significantly reduced. Hardware optimization and modern GPUs or specialized hardware like FPGAs (Field Programmable Gate Arrays) or ASICs (Application-Specific Integrated Circuits) can speed up the process.
  • Resource Availability: The reported running times were based on optimizations to a 15-year-old codebase running on CPUs dating from seven to ten years ago. A well-resourced attacker could achieve much faster times by using more advanced and powerful computing resources.

Computational Cost

  • Cloud Resources: Implementing the attack on cloud resources like Amazon EC2 could drastically reduce the computation time. For instance, utilizing a c7a.48xlarge instance with 192 vCPUs or a g6.48xlarge instance with 192 vCPUs and 8 NVIDIA L4 GPUs could increase the speed of the attack, with an estimated cost of around $50 per hour to exceed the computing capacity used in the proof-of-concept.

Practical Constraints

  • Timeouts: The typical 30- to 60-second timeouts for RADIUS responses present a challenge, as the proof-of-concept times exceeded these limits. However, with optimized resources, this barrier can potentially be overcome.
  • Network Access: The attacker needs to be in a position to act as a man-in-the-middle on the network between the RADIUS client and server. This requires significant network access, which may not always be practical or achievable without compromising other parts of the network first.

Who is Affected by These Vulnerabilities?

The Blast-RADIUS vulnerability affects nearly all RADIUS (Remote Authentication Dial-In User Service) implementations using non-EAP (Extensible Authentication Protocol) authentication methods over UDP (User Datagram Protocol). This includes:

  • Enterprise Networks: RADIUS is commonly used to authenticate access to switches and other network infrastructure.
  • VPN Access: Virtual Private Networks often use RADIUS for authentication.
  • Internet Service Providers (ISPs): For DSL (Digital Subscriber Line) and FTTH (Fiber to the Home) services.
  • Wi-Fi Authentication: Used in 802.1X and various wireless authentication scenarios.
  • Cellular Networks: 2G, 3G cellular roaming, 5G DNN (Data Network Name) authentication.
  • Mobile Wi-Fi Offload: Authentication using SIM cards.
  • Critical Infrastructure Access: Including industrial control systems.
  • Eduroam and OpenRoaming: Wi-Fi consortia for educational and public networks.

End users cannot protect themselves directly against this vulnerability; the responsibility lies with system administrators and network operators.

Can I Detect Whether This Attack Was Run on My Network?

Yes, it is possible to detect this attack, but it requires specific log files and analysis:

  1. Log Files: You need detailed log files of Access-Rejects on the RADIUS server and Access-Accepts on the RADIUS client.
  2. Suspicious Proxy-State Attributes: Look for Access-Accept packets with Proxy-State attributes containing random bytes in the client logs. This could indicate an attack, as end clients should not receive packets with Proxy-State attributes.
  3. Comparing Logs: Find the corresponding Access-Reject response packet in the RADIUS server logs. Verify that the server’s response differs from the response received by the client, and that both contain valid Response Authenticator values for the request ID and Request Authenticator.
  4. MD5 Hash Check: If both packets produce the same MD5 hash in the Response Authenticator, it indicates that the vulnerability was exploited.
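As an added example (not code from the article or from the Blast-RADIUS authors), the following Python implements the four detection steps above against a pair of logged responses, using the Response Authenticator formula MD5(Code || ID || Length || Request Authenticator || Packet Attributes || Shared Secret) given earlier. The shared secret, request ID, Request Authenticator and Proxy-State bytes are constructed sample values; no real MD5 collision is produced, so the final indicator fires only on a genuine forgery.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
PROXY_STATE = 33            # RFC 2865 attribute type
MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type

def encode_attrs(attrs):
    """attrs: list of (type, value bytes) -> RADIUS TLV attribute bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def response_authenticator(code, ident, request_auth, attrs_bytes, secret):
    """RFC 2865: MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    """Serialise a server response with a correct Response Authenticator."""
    attrs_bytes = encode_attrs(attrs)
    auth = response_authenticator(code, ident, request_auth, attrs_bytes, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs_bytes)) + auth + attrs_bytes

def parse_packet(pkt):
    """Return (code, id, authenticator, [(type, value), ...]); rejects bad TLVs."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return code, ident, pkt[4:20], attrs

def verify_response(pkt, request_auth, secret):
    """True if the Response Authenticator is valid for this request and secret."""
    code, ident, auth, _ = parse_packet(pkt)
    length = struct.unpack("!H", pkt[2:4])[0]
    expected = response_authenticator(code, ident, request_auth, pkt[20:length], secret)
    return hmac.compare_digest(auth, expected)

def blast_radius_indicators(client_pkt, server_pkt, request_auth, secret):
    """Run the four detection steps on the response the client logged and the
    response the server logged for one request. Returns indicator strings."""
    c_code, c_id, c_auth, c_attrs = parse_packet(client_pkt)
    _, s_id, s_auth, _ = parse_packet(server_pkt)
    findings = []
    if c_id != s_id:
        return findings  # different request IDs: not the same exchange
    if c_code == ACCESS_ACCEPT and any(t == PROXY_STATE for t, _ in c_attrs):
        findings.append("client logged an Access-Accept carrying Proxy-State")
    if c_code == ACCESS_ACCEPT and (not c_attrs or c_attrs[0][0] != MESSAGE_AUTHENTICATOR):
        findings.append("Access-Accept lacks Message-Authenticator as first attribute")
    if client_pkt != server_pkt and c_auth == s_auth:
        findings.append("differing responses share one Response Authenticator")
    if client_pkt != server_pkt and verify_response(client_pkt, request_auth, secret) \
            and verify_response(server_pkt, request_auth, secret):
        findings.append("both differing responses verify: collision forgery")
    return findings

# Constructed sample data (not captured traffic). A real forgery would also trip
# the last check; reproducing the MD5 collision is deliberately out of scope.
SECRET = b"example-shared-secret"
REQUEST_AUTH = os.urandom(16)
SERVER_REJECT = build_response(ACCESS_REJECT, 7, REQUEST_AUTH,
                               [(PROXY_STATE, os.urandom(24))], SECRET)
FORGED_ACCEPT = struct.pack("!BBH", ACCESS_ACCEPT, 7, len(SERVER_REJECT)) + SERVER_REJECT[4:]
```

Running blast_radius_indicators(FORGED_ACCEPT, SERVER_REJECT, REQUEST_AUTH, SECRET) reports the Proxy-State, missing Message-Authenticator and shared-authenticator indicators; the unmodified Access-Reject compared with itself reports nothing.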

How Can We Mitigate This Attack in Our System?

To mitigate the Blast-RADIUS attack, follow these recommended countermeasures:

Short-Term Mitigation

  • Message-Authenticator Attributes: Ensure that clients and servers always send and require Message-Authenticator attributes for all requests and responses. For Access-Accept or Access-Reject responses, include the Message-Authenticator as the first attribute.

Long-Term Mitigation

  • Encrypted Channels: Use RADIUS inside an encrypted and authenticated channel that offers modern cryptographic security guarantees. The IETF (Internet Engineering Task Force) is working on standardizing RADIUS over (D)TLS (Datagram Transport Layer Security).

Additional Steps

  • Apply Patches: Check with RADIUS vendors for patches implementing these mitigations and apply them.
  • Configuration Changes: Configure both clients and servers to require Message-Authenticator attributes in all communications.
  • Transition to Modern Protocols: Plan to migrate to using RADIUS over (D)TLS or similar secure transport mechanisms as they become standardized and supported.

For more detailed guidance, consult the white paper authored by Alan DeKok of FreeRADIUS and the mitigation section on Blast-RADIUS.

Over 86,000 Routers at Risk – Is Yours One of Them? Shocking Vulnerabilities in Widely Used OT/IoT Routers
https://www.securitynewspaper.com/2023/12/06/over-86000-routers-at-risk-is-yours-one-of-them-shocking-vulnerabilities-in-widely-used-ot-iot-routers/
Wed, 06 Dec 2023 19:22:43 +0000
The research “Sierra:21 – Living on the Edge” presents an analysis of vulnerabilities found in Sierra Wireless AirLink cellular routers, which are widely used in OT/IoT (Operational Technology/Internet of Things) environments to connect critical local networks to the Internet. Forescout Vedere Labs identified 21 new vulnerabilities in these routers, as well as in certain open-source components used in them, such as TinyXML and OpenNDS.

  • The study focuses on the Sierra Wireless AirLink cellular routers, crucial for connecting OT/IoT networks to the internet.
  • These routers are used in various critical infrastructure sectors, including manufacturing, healthcare, government, energy, transportation, and emergency services.
  • Sierra Wireless, OpenNDS, and Nodogsplash have patched several vulnerabilities, but challenges remain due to the abandonment of projects like TinyXML.

Flaws and Examples

The vulnerabilities are grouped into five impact categories:

  1. Remote Code Execution (RCE): Attackers can take full control of a device by injecting malicious code.
  2. Cross-Site Scripting (XSS): This allows for the injection of malicious code on clients browsing the ACEmanager application, potentially leading to credential theft.
  3. Denial of Service (DoS): These vulnerabilities can be used to crash ACEmanager, rendering it unreachable or causing it to restart automatically.
  4. Unauthorized Access: This involves design flaws like hardcoded credentials and private keys, which could allow attackers to perform man-in-the-middle attacks or recover passwords.
  5. Authentication Bypasses: These allow attackers to bypass the authentication service of the captive portal and directly connect to the protected WiFi network.

Severity of Vulnerabilities: Among these 21 vulnerabilities, one is of critical severity, nine have high severity, and eleven have medium severity. These vulnerabilities could allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into critical networks.

Affected Sectors: The affected devices are found in multiple critical infrastructure sectors. These include manufacturing, healthcare, government and commercial facilities, energy and power distribution, transportation, water and wastewater systems, retail, emergency services, and vehicle tracking. Additionally, these routers are used to stream video for remote surveillance and connect police vehicles to internal networks.

Extent of Exposure: Over 86,000 vulnerable routers are exposed online. Notably, less than 10% of these exposed routers have been confirmed to be patched against known vulnerabilities found since 2019, which indicates a large attack surface. Moreover, 90% of devices exposing a specific management interface (AT commands over Telnet) have reached the end of their life, meaning they cannot receive further patches.

Specific examples include:

  • CVE-2023-40458: ACEmanager enters an infinite loop when parsing malformed XML documents, leading to DoS.
  • CVE-2023-40459: A NULL-pointer dereference in ACEmanager during user authentication, leading to limited DoS.
  • CVE-2023-40460: Attackers can upload HTML documents to replace legitimate web pages in ACEmanager, leading to XSS attacks.
  • CVE-2023-40461 and CVE-2023-40462: Issues with uploading client certificates and client TLS keys in ACEmanager, enabling JavaScript code injection.
  • CVE-2023-40463: Hardcoded hash of the root password in ALEOS, allowing unauthorized root access.
  • CVE-2023-40464: Default SSL private key and certificate in ALEOS, enabling impersonation and traffic sniffing/spoofing.

Mitigation or Workaround

  • Patching is essential. Sierra Wireless has released updated ALEOS versions containing fixes.
  • Change default SSL certificates.
  • Disable unnecessary services like captive portals, Telnet, and SSH.
  • Deploy web application firewalls to protect against web-based vulnerabilities.
  • Use OT/IoT-aware intrusion detection systems to monitor network connections.

Conclusion

  • Vulnerabilities in OT/IoT network infrastructure are a major concern and are often left unpatched.
  • Less than 10% of routers exposed online are patched against known vulnerabilities.
  • Embedded devices lag in addressing vulnerabilities and implementing exploit mitigations.
  • Incomplete fixes can lead to new issues, as seen with CVE-2023-40460, originating from an incomplete fix for a previous vulnerability.
  • Manufacturers need to understand and address the root causes of vulnerabilities for effective long-term solutions.

New Technique “SATAn” to hack Air-Gapped computers using SATA cables as Antenna
https://www.securitynewspaper.com/2022/07/19/new-technique-satan-to-hack-air-gapped-computers-using-sata-cables-as-antenna/
Tue, 19 Jul 2022 20:21:56 +0000
Cyber Security researchers at the Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Israel, have discovered a new technique called “SATAn”.

The new method allows information to be stolen from air-gapped systems by using the SATA cable as a wireless antenna that transmits data from a compromised PC to a receiver less than 4 feet away. Air-gapped systems are used in critical environments such as nuclear power plants that must be physically isolated from networks connected to the public internet. The same researcher has been involved in more than 12 projects studying techniques for stealing data from air-gapped networks.

His team has shown that isolated networks can still leak sensitive information through signals (light, vibration, sound, heat, magnetic or electromagnetic fields) generated by components such as monitors, speakers, cables, CPUs, HDDs, cameras and keyboards.

For the SATAn attack to work, an attacker first needs to infect the target device with malware. Once installed, the malware encodes the data to be exfiltrated and modulates it onto the SATA cable’s emissions. Although air-gapped computers have no wireless connectivity, the malware uses the SATA cable as a wireless antenna to emit radio signals in the 6 GHz band. Serial ATA (SATA) is a bus interface widely used in modern computers that connects the host bus to mass storage devices such as hard disk drives, optical drives and solid-state drives.

The experiments show that SATA 3.0 cables produce electromagnetic emissions in several frequency bands: 1 GHz, 2.5 GHz, 3.9 GHz and above 6 GHz. The idea behind the covert channel is to use the SATA cable as an antenna. The researchers also found that read operations on SATA produce stronger signals than write operations. This makes the attack easier overall, since writing often requires more privileges. Using this technique, data can be transmitted at a bit rate of 1 bit/s, which the paper shows to be the minimum symbol time needed to generate a signal strong enough for modulation.

(Figure: SATA cable)

A countermeasure proposed in the paper is a SATA jammer, which monitors for suspicious read/write operations from legitimate applications and adds noise to the signal.
