Even the king of the smartphone can’t avoid inevitable security vulnerabilities within its operating systems. Apple’s recent release of iOS 8 addresses a critical weakness present in older OS versions, which allowed potential attackers to hijack the wireless network authentication of Apple devices and gain access to corporate resources.
In a security advisory for iOS 8, Apple stated that in previously OS versions, a perpetrator could imitate an SSID, offer to authenticate with LEAP (Lightweight Extensible Authentication Protocol), break the MS-CHAPv2 network handshake and use the captured credentials to authenticate the legitimate access point even if that SSID supported stronger authentication methods. Sounds pretty scary right?
The security flaw stems from Apple’s previous implementation of the WPA2-Enterprise security protocol, which supports multiple protocols, with the most common being PEAP (Protected Extensible Authentication Protocol), which combines MS-CHAPv2 with TLS encryption. In 2012, security researchers released tools at the DEFCON conference that could be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise using MS-CHAPv2 authentication with the TLS protocol, generating a key containing users credentials that could be passed along to a password cracking service.
Researchers found that Apple devices running iOS and MAC OS X also support an older and unsecure WPA2-Enterprise authentication method called LEAP (Lightweight Extensible Authentication Protocol) that doesn’t rely on TLS and uses MS-CHAPv1. This can expose Apple devices to network hijacking even with the more secure PEAP authentication. Upgrading to iOS 8 for iPods, iPhones and iPads will fix the problem, but the jury is still out for MAC OS X devices. The team tested the attack successfully on Mac OS X 10.8.2 but believe all current versions are affected.
With more and more employees constantly on the move, it’s hard enough to protect devices, let alone username and passwords. Institutions using WPA2 Enterprise should look to auto-configuration technology to make sure each device is configured to avoid the potential for these attacks.