Heartbleed now reforms into “Cupid” attack targeting Wi-Fi networks and Android

If you thought that Heartbleed is out of date now, and the whole cyber world is secure, then you have to change your perception because Luis Grangeia, a partner and security services manager at SysValue discovered an exploit, which he named Cupid.

He proved that the same vulnerability could also be utilized against any device running on unpatched OpenSSL version. The attack is successful on Wi-Fi networks.

Cupid is actually a two source patches target programs named “hostapd” and‘wpa_supplicant’ on Linux. The patches change the behavior of the programs to exploit the Heartbleed bug on TLS connections that run on password protected wireless networks. Hostapd is a program that is used to set an access point on Linux. Therefore, in future, it creates a wireless network configuration to connect to the client.

Wpa_supplicant is a program that is applied for wireless networks on Linux and Android.


The difference between the previous Heartbleed attack and in this type of attack is that the TLS connection runs on EAP, which is an authentication framework used in Wi-Fi networks. EAP also used in wired networks and Peer to Peer connection.

In this attack, the types of EAP used are EAP-PEAP, EAP-TLS, and EAP-TTLS. All these EAP use TLS connection.

For a successful attack on vulnerable clients, attackers use hostapd (with the cupid patch) to set a malicious network. When the vulnerable client attempts to connect via sending request to TLS connection, the hostapd will in reply send malicious heartbeat request with vulnerability.

Author Bio:

Jason Parms is working as an Internet Marketing Manager at SSL2BUY Inc. He is specialized in implementing and creating online marketing strategies and spread the brand awareness over the web. Apart from the core profession, he also takes interest in subjects of cyber security, web security development, cyber crime, and hacking.

Related Posts