Categories: Cyber CrimeHackingMalware

WiFi Protected Setup vulnerable to Reaver tool attack

Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard used to allow easy establishment of a secure wireless home network. It has been introduced by the Wi-Fi Alliance on January 8, 2007, with tha main purpose to allow home users to set up the encryption method WPA2, as well as making it easy to add new devices to an existing network without entering long passphrases.

It has been recently discovered that WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase. The process is not so time consuming, consider that generally in few hours it is possible to retrieve the passphrase. The tool available to perform the attack is Reaver, developed by Tactical Network Solutions it is able to exploit a protocol design flaw in WiFi Protected Setup (WPS).

This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

Usage is simple just specify the target BSSID and the monitor mode interface to use:
# reaver -i mon0 -b 00:01:02:03:04:05

How does it work? Let start considering on how WPS works. The protocol allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. Suppling the the correct PIN the access point gives back to the user the WPA/WPA2 PSK to use for network connection.

Resuming Reaver tool first determine an access point’s PIN with a brute force attack and after it extract the PSK.

The open code Reaver is available at Google Code

Moral of the story, even at home we will be safer. The vulnerability opens it to worryingscenarios, it will be easy to spy on us.

Pierluigi Paganini

References

Allar, Jared (December 27, 2011). “Vulnerability Note VU#723755 – WiFi Protected Setup PIN brute force vulnerability”. Vulnerability Notes Database. United States Computer Emergency Readiness Team. Retrieved December 28, 2011.

http://thehackernews.com/2011/12/reaver-brute-force-attack-tool-cracking.html

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.