


Re: Ang.: [EPFSUG] 14 MEPs emails intercepted by a hacker thanks to Microsoft flaws


  • From: Dimitrios Symeonidis < >
  • To: EPFSUG < >
  • Cc: Jonas Smedegaard < >
  • Subject: Re: Ang.: [EPFSUG] 14 MEPs emails intercepted by a hacker thanks to Microsoft flaws
  • Date: Mon, 25 Nov 2013 15:14:31 +0100

Dear all, here's an update on the situation for anyone interested.

The article claims that the hacker did a MITM-over-WiFi between my smartphone and the MS Exchange server, and thereby stole the usernames and passwords of 14 people. What's more, the article claims that this demonstrates a vulnerability in the European Parliament's mail server (Microsoft Exchange).

As much as I dislike the increasing Microsoft monoculture in the EU institutions (Windows, Office, Exchange, and soon Sharepoint and probably also Lync), this does not seem to me like it has anything to do with Exchange specifically.

My best guess is that what they did was to impersonate the EP-EXT wifi network and steal our credentials from the login page (https://wifiauth.europarl.europa.eu/, now no longer available, see screenshot below for what it more or less used to look like). In this scenario, after I automatically connect to the rogue WiFi (because my phone recognizes the SSID), it presents me with the familiar login page, but this time it's not HTTPS but plain HTTP. So, no warning about a self-signed certificate is presented to the user.

[Inline image: screenshot of the EP-EXT login page (see attachment epext login page.PNG)]

After I type in my credentials, the rogue WiFi is turned off for a minute or more, so my phone re-connects to the real EP-EXT network and I am asked for my credentials again. I would probably think that I mistyped the password or something and not think twice about it. After a minute the rogue WiFi goes back online, waiting for the next victim.

Does this scenario sound feasible/realistic/reasonable to you? Am I missing anything?

I explained all this to the two Heads of Unit of ITEC who called me on Friday morning. This morning it was announced to us that the unencrypted EP-EXT wifi network has been temporarily shut down, and everyone was invited to obtain a digital certificate in order to be able to connect to the EP-PRIVATE wifi network (WPA-Enterprise, RADIUS, MSCHAP).

Best regards
--
Dimitrios Symeonidis
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man."
- George Bernard Shaw

Attachment: epext login page.PNG
Description: PNG image
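The scenario in the message above rests on two things: the phone joins any access point that advertises the SSID it knows, and the rogue portal serves the familiar login page over plain HTTP so no certificate warning is ever shown. The following is an added example (not code from the message, nor anything the European Parliament's IT services run) showing the two cheap checks that would catch exactly that: flagging a trusted SSID broadcast from an access point outside a known BSSID inventory, and refusing to hand credentials to a captive-portal URL that is not HTTPS on the expected host. The portal host comes from the message; the BSSID inventory and the scan log are constructed for the example.

```python
"""Checks for the evil-twin captive-portal scenario described in the e-mail.

Added example, not code from the original message or from the European
Parliament's IT services. Two independent checks:

1. evil_twin_candidates(): from a Wi-Fi scan, flag access points that
   advertise a trusted SSID (here "EP-EXT") from a BSSID not in the known
   inventory. A phone auto-joins on SSID alone, so a rogue AP with the
   same name is enough for it to connect.
2. portal_url_problems(): before credentials go into a captive-portal login
   page, check that the page is HTTPS and on the expected host. The scenario
   in the e-mail works because the rogue portal serves plain HTTP, so no
   certificate warning ever appears.

The BSSID inventory and the scan log are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Host of the real portal, taken from the e-mail.
EXPECTED_PORTAL_HOST = "wifiauth.europarl.europa.eu"


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    encrypted: bool  # False for an open network such as the old EP-EXT


# Constructed inventory: BSSIDs the legitimate EP-EXT access points use.
KNOWN_BSSIDS: dict[str, set[str]] = {
    "EP-EXT": {"00:11:22:aa:00:01", "00:11:22:aa:00:02"},
}

# Constructed scan log, one AP per line: ssid<TAB>bssid<TAB>open|wpa
SCAN_LOG = """\
EP-EXT\t00:11:22:AA:00:01\topen
EP-EXT\t00:11:22:aa:00:02\topen
EP-PRIVATE\t00:11:22:bb:00:01\twpa
EP-EXT\tde:ad:be:ef:00:01\topen
Guest\tca:fe:00:00:00:01\topen
"""


def parse_scan(log: str) -> list[AccessPoint]:
    """Parse the tab-separated scan format above; BSSIDs are normalised to lower case."""
    aps = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security = line.split("\t")
        aps.append(AccessPoint(ssid, bssid.lower(), security != "open"))
    return aps


def evil_twin_candidates(aps, known=KNOWN_BSSIDS) -> list[AccessPoint]:
    """APs advertising a trusted SSID from a BSSID that is not in the inventory."""
    return [ap for ap in aps if ap.ssid in known and ap.bssid not in known[ap.ssid]]


def portal_url_problems(url: str, expected_host: str = EXPECTED_PORTAL_HOST) -> list[str]:
    """Reasons not to type credentials into the captive-portal page at `url`.

    An empty list means the URL is HTTPS and on the expected host. This does
    not replace certificate validation by the browser; it catches the
    downgrade to plain HTTP that the e-mail's scenario relies on.
    """
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("portal is served over %s, not HTTPS" % (parts.scheme or "no scheme"))
    # .hostname drops any userinfo, so "http://wifiauth...@10.0.0.1/" yields 10.0.0.1
    if parts.hostname != expected_host:
        problems.append("portal host %r is not %r" % (parts.hostname, expected_host))
    return problems


if __name__ == "__main__":
    for ap in evil_twin_candidates(parse_scan(SCAN_LOG)):
        print("possible evil twin:", ap)
    for url in ("https://wifiauth.europarl.europa.eu/",
                "http://wifiauth.europarl.europa.eu/"):
        print(url, portal_url_problems(url) or "looks fine")
```

Run as a script it prints the one rogue EP-EXT access point in the constructed scan and reports the plain-HTTP portal URL as a problem. The BSSID check assumes a maintained inventory and a client that can see it, which consumer phones do not offer; in practice it is a check for the network team's monitoring rather than the victim's handset. Note also that the move to WPA-Enterprise with MSCHAP mentioned in the message only defeats the same evil twin if clients are configured to validate the RADIUS server's certificate; a client that skips that validation will still hand its authentication exchange to a rogue access point with the right SSID.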



