Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Wi-Fi at DEF CON - dealing with the worlds most dangerous network

Michael Horowitz | Aug. 24, 2015
The wireless network at the DEF CON hacker conference has been called the most dangerous in the world.

This was my first encounter with an 802.1x protected wireless network. All I knew about Enterprise level Wi-Fi was that each Wi-Fi user got their own unique userid/password and that it was complicated to setup because you needed a RADIUS server to authenticate users. 

For whatever reason, none of those articles that I referred to earlier about safe computing at DEF CON even mentioned the 802.1x protected network. Strange.

I was a bit lost dealing with the network. While the conference provided instructions for choosing your userid/password, there were no instructions for connecting with a Chromebook, let alone an introduction to Enterprise Wi-Fi for newbies like me. 

Connecting from a Chromebook is not as simple as merely entering the WPA2-Enterprise userid/password. There are also certificate-related choices that need to be made, and I was out of my element.

Shortly after my initial attempts to logon to the DEFCON 802.1x network failed, I found myself at a talk in the Wireless Village about Enterprise networks. The presenter asked us to try and login to his test network but, he too, was unprepared for a Chromebook.

Back at my room, search engine research led nowhere. Half of what I read was about problems with a Chromebook on Enterprise networks, the other half was documentation, mostly from schools, about how to logon to their 802.1x network with a Chromebook. At one University, the instructions said to be patient, that it was normal for a Chromebook to take over 10 minutes to make the initial connection.

Google's documentation was disappointing to say the least. It's one thing to say nothing, but when they let Arneil write that a Chrome OS device can connect to "WEP-Enterprise networks" it shows how little they care.

The next day, seeking an expert, I went back to the Wireless Village, but got there too early. Wouldn't you know it, one last try while I was waiting, succeeded.

Judging by some old comments at defconnetworking.org, dealing with digital certificates on the 802.1x secure network has been an issue well before Chromebooks. This year, attendees were instructed to download two certificates, one of which was a root for DigiCert. Android seemed to be a particular problem this year: 

It seems like there is a number of Android devices that have issues validating the server certificate for 802.1x authentication. We did some research and it seems like it is a common issue with different Android OS and hardware flavors. We can’t put our finger on it but it seems like it is the native 802.1x supplicant within Android. There are 3rd party supplicants but at this point this is not one that we can recommend. We do not encourage anyone to connect to the ESSID “DefCon” without validating the server certificate.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.