OpenSSL heartbeat bug on WiFi networks (Heartbleed)
On April 7, 2014, an OpenSSL severe vulnerability in TLS heartbeat extension (CVE-2014-0160) was published that affects many services, such as Web servers, email systems, etc., and that may also affect WiFi heartbeat.
The heartbeat security breach allows remote reading of memory fragments from the TLS OpenSSL remote service. Due to the severity of this vulnerability, all OpenSSL-based software should be updated and services should be restarted to prevent an attack. While writing this article, this vulnerability has been leveraged to steal cryptographic keys, cookies, and user names and passwords from sites like Yahoo.
Heartbeat Length field has two bytes. OpenSSL does not check heartbeat byte size and relies on structure length provided by the user. As a result, 64k of data can be read from the remote service. Check if you are vulnerable to this bug here: https://filippo.io/Heartbleed/
OpenSSL and WiFi Heartbeat Represent a Security Flaw on 802.1x Networks
Since Radius services such as freeradius also use TLS connections with WPA Enterprise encryption authentication (802.1x), WiFi heartbeat represents an actual security flaw that can allow unauthorized access to a corporate WiFi network.
An attacker could encapsulate messages like the ones sent by the Heartbleed script and could obtain Radius server information that would allow him access to a private WiFi network.
While viability of an attack on an EAP-TLS network and other authentication mechanisms using TLS tunnels is confirmed, it is recommended to download and install all manufacturer security updates whenever possible. Remember to update the Radius server and update the service to protect your WLAN.
Dr. Stephen Henson OpenSSL patch, the same who introduced the bug two years ago, is available here.