So recently there’s been a lot of news about Firesheep and how people are using it to steal your cookies through unsecured wireless connections. Then they created a tool for detecting if you’re being hacked by Firesheep called BlackSheep. All interesting stuff in which to show you that you should really be careful when accessing sensitive data over an unsecured wireless connection.
Today I was reading the following Ars Technica article: Researcher: free WiFi should use “free” password to protect users which talks about how Hong Kong government has started password protecting their free public WiFi access points. What they do is they still have unsecured wireless points, but when connected to that, all it tells you is to reconnect to a different secured WiFi access point with the given password. I was wondering if everyone has the password to this wireless access point, wouldn’t it have the same issue where people can steal your data? From the article:
“What is the value of a password if it is a ‘well-known secret?’ WPA2 negotiates unique encryption keys with every computer that connects to it,” Wisniewski wrote in a blog post. “This means you and I cannot spy on one another’s traffic even when sharing access on the same access point.”
That got me thinking why not amend the WiFi standard so it can support negotiating unique encryption keys even over unsecured connections. That way even if the initial handshake isn’t secure, anything afterwards would be.
Near the end of the article, it pointed to a BoingBoing post: Password Doesn’t Shear Firesheep. It basically states that because the password is commonly shared, anyone can sniff the packet that contains the unique encryption key that was generated. Instead he suggests using 802.1X with a shared username/password (e.g. WPA/WPA2 Enterprise + PEAP), which will protect the keying process from outsiders. However, someone has already pointed out that approach has a vulnerability called Hole196.
I haven’t gone too deep into finding out how the keying process works, but wouldn’t it be possible to provide a public key to the access point during the original handshake, in which they’ll reply with your unique key encrypted with your public key. That way, only people with access to your private key would be able to decrypt that package and get access to the unique key.
Crazy world we live in huh?
Firesheep image courtesy of =MixedMilkChOcOlate