Look Before You LEAP
Joshua Wright, an information security architect (who humorously referred to himself as a hacker several times during the presentation) from Johnson & Wales University in Providence, demonstrated -- to an audience of around 200 people -- a tool he has developed to exploit flaws in the LEAP technology.
"I call it ‘Asleep’ -- as in asleep at the wheel," Wright quipped.
This kind of hack involves the use of two applications. The first is the Kismet Linux wireless LAN network sniffer, which is similar to the popular Netstumbler tool that is available on Windows. Wright says he uses this tool to track down Cisco access points that are broadcasting in the area.
After locating his prey, it's time to bring out the big gun: the Asleep tool. This application exploits the challenge/response technique used by a Cisco system when it is trying to authenticate a client connecting to the wireless network. "Challenge/response leaks information about the network," Wright bluntly notes.
This enables a tooled-up hacker to run a so-called "dictionary attack" against the LEAP system. Wright showed two data feeds where he ran massive lists of words -- and even numbers -- against the Maginot Line of the Cisco defenses. In minutes, even seconds, the Asleep tool had found the passwords it needed to gain access to the network.
After compromising the wireless LAN, Wright says, a hacker can often leap onto other parts of a network, because a user may well have the same password to access various directories and applications.
Wright says he informed Cisco about the flaw in LEAP several months ago. In response, the firm issued a brief warning on their Website and asked for more time before he released the tool to the public. Wright now says that the tool will be generally available in a couple of months.
"They've known about this for years -- and that's what really bothers me -- [that] I had to go and point it out to them," Wright says.
— Dan Jones, Senior Editor, Unstrung