Wifi Protected setup is flawed - WPA/WPA2 can be recovered!

NewManSoon Banned Posts: 53
Not sure if this has been posted or not, but I recently found out that you can obtain a router's WPA/WPA2 key by brute forcing the WPS PIN.

I tried the exploit on a few different routers I had lying around. They were all cracked except for my Linksys with DD-WRT. The others were a D-Link 615, the same Linksys WRT54G WITHOUT DD-WRT and an Actiontec V1000H.

I would say 8 out of 10 routers were vulnerable, according to the scanner that comes with the exploit. Each crack took anywhere from 2 - 7 hours. On a successful crack, I was given the WPS PIN and WEP/WPA/WPA2 key in plain text.

How do you mitigate this attack? Using custom firmware (such as DD-WRT) that allows you to disable WPS seems to do the trick. Other routers do, but it does not seem to really help. Obviously using WPA-Enterprise, where a PSK is not used, you would be safe as well.

Read more here.

Yikes!

Comments

  • powerfool Member Posts: 1,666
    Disable WPS pin.

    I have never used it... it just has never appealed to me.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • RobertKaucher Member Posts: 4,299
    This is pretty old news. The problem is that this is enabled by default on many consumer routers and on Linksys routers I am fairly sure that configuring WPS to be disabled DOES NOT disable it. So you will likely need a firmware update. Most other systems seem to be ok and Apple systems seem to have implemented it in a decent manner in that WPS is only active when it is brought up in the management console and a random 8 digit pin is generated. Systems that use a static 8 digit pin (actually a 4 digit pin followed by 3 digits and a check sum) are exceptionally vulnerable.
  • it_consultant Member Posts: 1,903
    Who uses WPS anyway? Because plugging in the insane number on the router is easier than typing in my WPA2 password...
  • demonfurbie Member Posts: 1,819
    It's not like a RADIUS server is all that hard to set up.
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • franco84 Registered Users Posts: 1
    For my home router I just enter the MAC addresses of the machines which normally access the network. Any other devices are not allowed :D
  • RobertKaucher Member Posts: 4,299
    franco84 wrote: »
    For my home router I just enter the MAC addresses of the machines which normally access the network. Any other devices are not allowed :D

    You do understand that MAC addresses are not encrypted and can be pulled out of the air by even the least skilled script kiddie, right? Any IT person who thinks that this provides any level of security should have their Geek card revoked immediately and without appeal. This is like my wife thinking that if she puts an ice pack in a ziplock baggie it will keep the condensation from dripping all over. Improper mental model of how reality works.


    On another note - Cisco/Linksys has issued a workaround for WPS. Disable wireless radio! LOL

    Article
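The PIN structure RobertKaucher describes above (7 digits plus a checksum digit, with the two halves confirmed separately by the protocol) is what makes the brute force in the original post feasible. The following is an added example, not code from this thread or from any router vendor: it implements the standard WPS PIN checksum, validates a PIN, generates a random per-session PIN of the kind the comment credits Apple with using, and counts how small the search actually is. The function names are my own.

```python
"""WPS PIN arithmetic: 7 data digits followed by one checksum digit."""
import secrets


def wps_checksum(seven_digits: str) -> int:
    """Checksum digit for the first 7 digits of a WPS PIN.

    Digits at odd positions (1st, 3rd, 5th, 7th) are weighted 3, the rest
    weighted 1; the checksum makes the weighted sum a multiple of 10.
    """
    if len(seven_digits) != 7 or not seven_digits.isdigit():
        raise ValueError("expected exactly 7 decimal digits")
    acc = 0
    for i, ch in enumerate(seven_digits):
        acc += 3 * int(ch) if i % 2 == 0 else int(ch)
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


def random_wps_pin() -> str:
    """A fresh, checksum-correct PIN from a CSPRNG (a per-session PIN, not a
    static one printed on the router label)."""
    seven = "".join(str(secrets.randbelow(10)) for _ in range(7))
    return seven + str(wps_checksum(seven))


def pin_search_sizes() -> dict:
    """Why a static PIN is weak: only 10^7 PINs have a valid checksum, and
    because the registrar acknowledges the first 4 digits and the last 3
    digits independently, the worst case is 10^4 + 10^3 guesses, not 10^7."""
    return {
        "valid_pins": 10 ** 7,
        "split_worst_case": 10 ** 4 + 10 ** 3,  # 11,000
    }


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))  # True
    print("fresh PIN:", random_wps_pin())
    print(pin_search_sizes())
```

Disabling WPS removes the PIN exchange entirely; a router that accepts a static PIN is exposed to the 11,000-guess search regardless of how strong the WPA2 passphrase is.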