Announcement

Collapse
No announcement yet.

WiFi Protected Setup shown to be vulnerable to attack

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    WiFi Protected Setup shown to be vulnerable to attack

    http://arstechnica.com/business/news...ith-reaver.ars

    The attack took about six hours to properly guess the PIN and return the SSID and password for the target network.
    Having demonstrated the insecurity of WPS, I went into the Linksys' administrative interface and turned WPS off. Then, I relaunched Reaver, figuring that surely setting the router to manual configuration would block the attacks at the door. But apparently Reaver didn't get the memo, and the Linksys' WPS interface still responded to its queries—once again coughing up the password and SSID.
    I'm glad my wireless router doesn't support WPS.
    sigpic
    "Let us think the unthinkable, let us do the undoable, let us prepare to grapple with the ineffable itself, and see if we may not eff it after all."
    -- Douglas Adams
    Tags: None
    • Top
    • Bottom
    #2
    Re: WiFi Protected Setup shown to be vulnerable to attack

    But it does support WEP and WPA2, both of which can be cracked by wifite.py. WEP drops in 30 seconds. WPA takes a while longer.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.
    • Top
    • Bottom

    Comment

      #3
      Re: WiFi Protected Setup shown to be vulnerable to attack

      I guess if I actually switched on the wireless function of my router, I'd be vulnerable... fortunately, I have only the one PC (which is a desktop machine) and it connects to my router with a length of Cat 5
      sigpic
      "Let us think the unthinkable, let us do the undoable, let us prepare to grapple with the ineffable itself, and see if we may not eff it after all."
      -- Douglas Adams
      • Top
      • Bottom

      Comment

        #4
        Re: WiFi Protected Setup shown to be vulnerable to attack

        I ....a novice ......have cracked the WEP on my router several times with my Backtrack install and aircrack-ng,airmon,airplay......combo..... up to 10 characters long in an average of 20 minutes .

        WPA2 not so successful so that is what I use!

        will half to check my router and see about that WPS and try out that tool.

        VINNY
        i7 4core HT 8MB L3 2.9GHz
        16GB RAM
        Nvidia GTX 860M 4GB RAM 1152 cuda cores
        • Top
        • Bottom

        Comment

          #5
          Re: WiFi Protected Setup shown to be vulnerable to attack

          Originally posted by GreyGeek
          But it does support WEP and WPA2, both of which can be cracked by wifite.py. WEP drops in 30 seconds. WPA takes a while longer.
          WPA and WPA2 are different protocols. I haven't seen credible evidence that WPA2 is vulnerable to attack by these tools when the PSK isn't susceptible to dictionary attacks. I don't place any trust in those contrived YouTube videos.

          I've never liked WPS. Whenever you provide a backdoor mechanism around a security control, attackers will always find it.
          • Top
          • Bottom

          Comment

            #6
            Re: WiFi Protected Setup shown to be vulnerable to attack

            I haven't seen credible evidence that WPA2 is vulnerable to attack by these tools when the PSK isn't susceptible to dictionary attacks.
            That's true if you've configured your WPA2 capable router to *only* use AES encryption. However, AES+TKIP (aka PSK2 mixed mode) is known to be vulnerable. Of course, the reason for that is that it provides backward compatibility with WPA.

            IMO any router that supports that mode should include a big warning when the user enables it; something along the lines of "You are enabling both WPA and WPA2 to be in operation side-by-side - an attacker need only break ONE of the two to compromise your network".

            (Edit) On the subject of password strength & dictionary attacks, I think this cartoon is highly informative:

            [img width=400 height=324]http://imgs.xkcd.com/comics/password_strength.png[/img]
            sigpic
            "Let us think the unthinkable, let us do the undoable, let us prepare to grapple with the ineffable itself, and see if we may not eff it after all."
            -- Douglas Adams
            • Top
            • Bottom

            Comment

              #7
              Re: WiFi Protected Setup shown to be vulnerable to attack

              Originally posted by HalationEffect
              That's true if you've configured your WPA2 capable router to *only* use AES encryption. However, AES+TKIP (aka PSK2 mixed mode) is known to be vulnerable. Of course, the reason for that is that it provides backward compatibility with WPA.
              Yawp, I should have mentioned that in my post. TKIP is the greater weakness. Originally, WPA2 was going to prohibit using TKIP and support only AES-CCMP. But this has to be done in hardware to be complaint with Wi-Fi Alliance specifications. So WPA2 was "weakened" with backwards compatibility for TKIP.

              TKIP's vulnerability is that it's temporal -- that's what the "T" means. TKIP generates a key and reuses it for every datagram it sees during the time period, which is often set to a default of 60 minutes. AES-CCMP generates a new key for every datagram, making it much more resistant to attack.
              • Top
              • Bottom

              Comment

                #8
                Re: WiFi Protected Setup shown to be vulnerable to attack

                Oh -- and if you're looking for a way to disable WPS on Windows, here's how. (Windows 7; I don't remember for the relics prior versions.)

                GUI
                1. Click Start
                2. Right-click Computer
                3. Click Manage
                4. Click the triangle next to Services and Applications
                5. Click Services
                6. Find Windows Connect Now - Config Registrar
                7. Right-click it
                8. Click Properties
                9. Change the startup type to Disabled
                10. Click OK
                11. Close the Computer Management window

                Command line (elevated)
                1. Run sc config wcnsvc start= disabled

                Yes, you need the space after start= ...sigh...
                • Top
                • Bottom

                Comment

                  #9
                  Re: WiFi Protected Setup shown to be vulnerable to attack

                  Originally posted by SteveRiley
                  I've never liked WPS. Whenever you provide a backdoor mechanism around a security control, attackers will always find it.
                  +1
                  • Top
                  • Bottom

                  Comment

                  Previous template Next
                  Working...
                  X