Businesses using some of the more advanced methods for securing connections to Wi-Fi access points need to take a hard look at the configuration settings of client computers. So say researchers who have documented a simple way to impersonate trusted networks.
The attack works on access points that use the Wi-Fi Protected Access (WPA) in concert with Protected Extensible Authentication Protocol (PEAP) or other so-called Extensible Authentication Protocols (EAPs). Such technologies use public-key certificates to authenticate a trusted network to a laptop or other connected device and provide an encrypted SSL tunnel through which the two can communicate.
Problem is, laptops running Windows, OS X and various versions of Linux frequently have the security settings mis-configured, according to researchers Brad Antoniewicz and Josh Wright. Using a program called FreeRADIUS-WPE (short for FreeRADIUS Wireless Pwnage Edition), it's easy to dupe the clients into connecting to imposter networks and giving up critical information, they say.
[MORE]