[VOIPSEC] Cisco 7920 wireless IP Phones

Robert Moskowitz rgm at icsalabs.com
Thu May 26 20:37:45 BST 2005


At 11:46 PM 5/25/2005, Porter, Thomas (Tom) wrote:
>I'm curious how you'd go about breaking into a WPA2-AES protected
>network via traffic hijacking, interception, or impersonation. AFAIK,
>this has not been demonstrated. I'd be interested to see some examples
>of this -- my guess is that you won't be able to provide them.

No we did right with CCMP.  BUT:

Depends on the key establishment method.

I have published a paper on attacking PSK mode, and my method has been 
incorporated into the wireless attack tools.

Improper configuration of acceptable certificate trust can compromise any 
of the TLS-based EAP methods (TLS, PEAP, TTLS).  With TTLS being perhaps 
the easiest to attack in this case.


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
VoIP:   248-291-0713
E:      rgm at icsalabs.com

There's no limit to what can be accomplished if it doesn't matter who gets 
the credit





More information about the Voipsec mailing list