• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

Heartbleed now reforms into “Cupid” attack targeting Wi-Fi networks and Android

June 3rd, 2014 Waqas Security 0 comments
Heartbleed now reforms into “Cupid” attack targeting Wi-Fi networks and Android
Share on FacebookShare on Twitter

If you thought that Heartbleed is out of date now, and the whole cyber world is secure, then you have to change your perception because Luis Grangeia, a partner and security services manager at SysValue discovered an exploit, which he named Cupid.

He proved that the same vulnerability could also be utilized against any device running on unpatched OpenSSL version. The attack is successful on Wi-Fi networks.

Cupid is actually a two source patches target programs named “hostapd” and‘wpa_supplicant’ on Linux. The patches change the behavior of the programs to exploit the Heartbleed bug on TLS connections that run on password protected wireless networks. Hostapd is a program that is used to set an access point on Linux. Therefore, in future, it creates a wireless network configuration to connect to the client.

Wpa_supplicant is a program that is applied for wireless networks on Linux and Android.

cupid-heartbleed-wireless-attack-300x255

The difference between the previous Heartbleed attack and in this type of attack is that the TLS connection runs on EAP, which is an authentication framework used in Wi-Fi networks. EAP also used in wired networks and Peer to Peer connection.

In this attack, the types of EAP used are EAP-PEAP, EAP-TLS, and EAP-TTLS. All these EAP use TLS connection.

For a successful attack on vulnerable clients, attackers use hostapd (with the cupid patch) to set a malicious network. When the vulnerable client attempts to connect via sending request to TLS connection, the hostapd will in reply send malicious heartbeat request with vulnerability.

Author Bio:

Jason Parms is working as an Internet Marketing Manager at SSL2BUY Inc. He is specialized in implementing and creating online marketing strategies and spread the brand awareness over the web. Apart from the core profession, he also takes interest in subjects of cyber security, web security development, cyber crime, and hacking.

Follow @HackRead

  • Tags
  • Android
  • Bug
  • Cupid
  • Heartbleed
  • Linux
  • Malware
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Scarface Writer Oliver Stone to Make Film on Snowden’s Whistleblowing
Next article iOS 8 Safari Browser on iPhone and iPad Can Read Your Credit Card Details
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
World's Most 'Resilient Malware' Botnet Emotet Taken Down

World's Most 'Resilient Malware' Botnet Emotet Taken Down

Top Cybersecurity Threats to Watch in 2021

Top Cybersecurity Threats to Watch in 2021

Database of 176 million Pakistani mobile phone users sold online

Database of 176 million Pakistani mobile phone users sold online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
NetWalker ransomware disrupted - Cryptocurrency and domain seized
Cyber Crime

NetWalker ransomware disrupted - Cryptocurrency and domain seized

39
Transferring Whatsapp data from iPhone to Android with MobileTrans
How To

Transferring Whatsapp data from iPhone to Android with MobileTrans

25
World's Most 'Resilient Malware' Botnet Emotet Taken Down
Cyber Crime

World's Most 'Resilient Malware' Botnet Emotet Taken Down

72

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us