Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability

  • 30-12-2011 8:52pm
    #1
    Closed Accounts Posts: 2,267 ✭✭✭


    If you use or have WPS enabled, you might wanna disable it for now!

    http://isc.sans.edu/diary.html?storyid=12292&rss
    Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 - available since January 2007) designed to ease the process of securely setup Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN. The vulnerability was reported by Stefan Viehböck and more details are available on the associated whitepaper. In reality, it acts as a "kind of backdoor" for Wi-Fi access points and routers.
    The researcher used a Python (Scapy-based) tool that has not been release yet, although other tools that allow to test for the vulnerability have been made public, such as Reaver . The current tests indicate that it would take about 4-10 hours for an attacker to brute force the 8 digit PIN (in reality 7 digit PIN, 4+3+1 digits).

    Looks like Eircom's Netopia 2247 & UPC's Thomson TWG870UIR have WPS disabled by default. Also it seems the Netopia one supports Enrollee only, not Registrar mode, which means the STA has to register its PIN against the AP. It does not support the AP's PIN been registering against the STA which as far as my understanding is the vulnerable/bruteforacable part. The Thomson router supports both.


Comments

  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    There was a talk at 28c3 on this a week ago.
    Videos should already be live:

    http://events.ccc.de/congress/2011/wiki/Documentation


  • Registered Users, Registered Users 2 Posts: 146 ✭✭rcanpolat


    Cracking WPS with Reaver in Backtrack 5. For educational purposes only.

    http://insanitypop.com/2012/01/how-to-hack-eircom-upc-internet-wpa-wpa-2-cracking-with-reaver/


  • Registered Users, Registered Users 2 Posts: 2,353 ✭✭✭Galway K9


    Well for my own security I tried Reaver on my machine and it couldnt attack my router because WPS was disabled by default yet the article says "95 percent are vulnerable". Eircom also have WPS disabled.

    It does work tho and successfully with a few routers i have tested against i plugged into my connection.

    I tried both reaver source code and Reaver pro (bootable GUI and wifi card that supports packet injections)


  • Closed Accounts Posts: 2,663 ✭✭✭Cork24


    Any Wireless Modem is hackable,

    Even Mac-filtering is hackable by means of Mac address Cloning. and ip spoofing

    Do i use WiFi yes do i think its safe no not even 10% safe,

    I dont even need to be on the Network and i can use Wireshark to get information thats around my area, my friends as a Direct Line of Sight Antenna and what information he can pick up is scary!

    by learning what Wifi threats are out their i dont buy anything over Wifi, i plugs my laptop into the Modem when using paypal etc.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Cork24 wrote: »
    Do i use WiFi yes do i think its safe no not even 10% safe,

    That's a bit extreme. There is a nice chance if you use WPA2, with WPS disabled (which is a common default setup with routers in the last year or two) with a long non dictionary word (i.e. random characters), your safe.
    Cork24 wrote: »
    I dont even need to be on the Network and i can use Wireshark to get information thats around my area, my friends as a Direct Line of Sight Antenna and what information he can pick up is scary!

    yeah, but only if you know their wifi encryption mechanism and related decryption key. i.e. as with the case of WPA2, you would need to know their passphraze.


  • Advertisement
  • Closed Accounts Posts: 2,663 ✭✭✭Cork24


    I find it safer not to bank over wifi,

    Eircom still have not fixed the issue of apps that allow people to find the person eircom ssid which has being ship with

    http://s4dd.yore.ma/eircom/


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Cork24 wrote: »
    I find it safer not to bank over wifi,

    Eircom still have not fixed the issue of apps that allow people to find the person eircom ssid which has being ship with

    http://s4dd.yore.ma/eircom/

    This has nothing to do with WiFi security standards itself. This was a mess-up by Eircom and/or Netopia where the WEP key they set was generatable based on the broadcast SSID back in 2007. They later sent out a latter to its customers advising them to change their passphraze. Their routers some time later are shipped with WPA enabled and their passphraze algorithm is not embedded in the software on the set-up cd.


  • Closed Accounts Posts: 2,663 ✭✭✭Cork24


    This has nothing to do with WiFi security standards itself. This was a mess-up by Eircom and/or Netopia where the WEP key they set was generatable based on the broadcast SSID back in 2007. They later sent out a latter to its customers advising them to change their passphraze. Their routers some time later are shipped with WPA enabled and their passphraze algorithm is not embedded in the software on the set-up cd.


    Yes Every one did get an Letter to state that tey would need to change their Password, But as far as i know you can still use Tools like the web site above to get into a Network, it has nothing to do with Wifi Security..

    but it does show you what type of idiots are out there that allows their algorithm to be decoded nor update their algorithm after a limited number of units made


  • Registered Users, Registered Users 2 Posts: 2 sayali26


    Hi Friends.......

    A WiFi protected setup is susceptible to brute force attack Most wireless routers come with a WPS personal identification number (PIN) printed on the device.WiFi protected setup is enabled by default on branded routers.

    Perizaad


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    That's a bit extreme. There is a nice chance if you use WPA2, with WPS disabled (which is a common default setup with routers in the last year or two) with a long non dictionary word (i.e. random characters), your reasonably safe.

    FYP.

    Ever use a wifi pineapple?


  • Advertisement
  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    syklops wrote: »
    FYP.

    Ever use a wifi pineapple?


    Nope, looks interesting though.


Advertisement