A team of researchers has found vulnerabilities in implementations of the Internet Key Exchange version 1 (IKEv1) protocol in firewalls and other networking gear that support IPsec VPN tunnels. If exploited, the flaw can allow attackers to bypass authentication and impersonate clients or servers.
IKEv1 is an older version of the key exchange protocol used in IPsec, but is still officially supported in IOS, Cisco Systems’ operating system for networking devices. Researchers from Ruhr University Bochum and University of Opole found that it’s also supported in firewalls and networking devices from Huawei, Clavister and ZyXEL, even though it’s not always explicitly advertised or exposed to users.
The researchers found that IKEv1 is vulnerable to Bleichenbacher oracle attacks, a cryptographic attack technique that has been known for almost two decades. A Bleichenbacher attack involves sending modified ciphertext to a device and obtaining information about its unencrypted value based on the device’s response. When applied to IKEv1, the attack can be used to obtain the plaintext of the secret nonces exchanged during a handshake and which are normally encrypted with the public keys of the communicating parties.
Furthermore, many implementations reuse the same RSA public-private key pair for all variants of the IKE protocol they support, making the attack worse. In fact, Huawei gear also reuses the device key pair for SSH.
“With our attacks we can impersonate an IKE device: If the attack is successful, we share a set of (falsely) authenticated symmetric keys with the victim device, and can successfully complete the handshake – this holds for both IKEv1 and IKEv2,” said Dennis Felsch, a researcher at Ruhr-University Bochum, in a blog post. “The attacks are based on Bleichenbacher oracles in the IKEv1 implementations of four large network equipment manufacturers: Cisco, Huawei, Clavister, and ZyXEL. These Bleichenbacher oracles can also be used to forge digital signatures, which breaks the signature based IKEv1 and IKEv2 variants.”
Furthermore, the attackers showed in their research paper that IKE authentication methods based on pre-shared keys (PSKs), as opposed to public key encryption (PKE), can also be broken using a dictionary attack if the used PSK has a low entropy.
“We thus show attacks against all authentication modes in both IKEv1 and IKEv2 under reasonable assumptions,” Felsch said.
Cisco, Huawei, Clavister and ZyXEL have released security advisories and patches this week to address the vulnerabilities in their respective implementations. The vendors have rated the flaw with medium severity.
Smart Home Hubs Leak Data on the Internet
Tens of thousands of smart home hubs and automation servers expose sensitive information over the internet about the devices connected to them. At fault are insecure implementations and misconfigurations of the Message Queuing Telemetry Transport (MQTT) protocol.
MQTT is a protocol originally designed in 1999 for SCADA industrial applications. However, with the advance of home automation in recent years it has gained traction as a method of centrally controlling sensors, light bulbs, window shades, thermostats, door locks and other connected devices.
Users can set up their own MQTT server at home, on a PC or a dedicated device like the Raspberry Pi, using specialized software. The protocol is meant to operate on local networks and supports security features including authentication, but it’s easy for users to misconfigure it.
Researchers from Avast have found that 49,000 MQTT servers are publicly visible on the internet and 32,000 of them have no password protection.
“If the MQTT protocol is not properly configured, cybercriminals can gain complete access to a home and for example, learn when their owners are at home, manipulate entertainment systems, voice assistants, household devices, and physically open smart doors,” Martin Hron, a security expert with Avast, said in a blog post that describes in detail how MQTT can be abused and what attackers can achieve through it.