Wifi Protected setup is flawed - WPA/WPA2 can be recovered!

Not sure if this has been posted or not, but I recently found out that you can obtain a routers WPA/WPA2 key by brute forcing the WPS pin.

I tried the exploit on a few different routers I had lying around.. they were all cracked except for my Linksys with DD-WRT. The others were a D-link 615 , same Linksys WRT54G WITHOUT DD-WRT and an Actiontec V1000H.

I would say 8 out of 10 routers were vulnerable , according to the scanner that comes with the exploit. Each crack took anywhere from 2 - 7 hours. On a successful crack, I was given the WPS PIN and WEP/WPA/WPA2 key in plain text.

How do you mitigate this attack? Using custom firmware (such as DD-WRT) that allows you to disable WPS seems to do the trick. Other routers do, but it does not seem to really help. Obviously using WPA-Enterprise where a PSK is not used , you would be safe as well.

Read more here.

Yikes!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

powerfool

Disable WPS pin.

I have never used it... it just has never appealed to me.

RobertKaucher

This is pretty old news. The problem is that this is enabled by default on many consumer routers and on Linksys routers I am fairly sure that configuring WPS to be disabled DOES NOT disable it. So you will likely need a firmware update. Most other systems seem to be ok and Apple systems seem to have implemented it in a decent manner in that WPS is only active when it is brought up in the management console and a random 8 digit pin is generated. Systems that use a static 8 digit pin (actually a 4 digit pin followed by 3 digits and a check sum) are exceptionally vulnerable.

it_consultant

Who uses WPS anyway? Because plugging in the insane number on the router is easier than typing in my WPA2 password...

demonfurbie

its not like a radius server is all that hard to setup

franco84

For my home router i just enter the MAC addresses of the machines which normally access the network. Any other devices are not allowed

RobertKaucher

franco84 wrote: »

For my home router i just enter the MAC addresses of the machines which normally access the network. Any other devices are not allowed

You do understand that MAC addresses are not encrypted and can be pulled out of the air by even the least skilled script kiddie, right? Any IT person who thinks that this provides any level of security should have their Geek card revoked immediately and without appeal. This is like my wife thinking that if she puts an ice pack in a ziplock baggie it will keep the condensation from dripping all over. Improper mental model of how reality works.

On another note - Cisco/Linksys has issued a work around for WPS. Disable wireless radio! LOL

Article