Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard used to allow easy establishment of a secure wireless home network. It has been introduced by the Wi-Fi Alliance on January 8, 2007, with tha main purpose to allow home users to set up the encryption method WPA2, as well as making it easy to add new devices to an existing network without entering long passphrases.
It has been recently discovered that WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase. The process is not so time consuming, consider that generally in few hours it is possible to retrieve the passphrase. The tool available to perform the attack is Reaver, developed by Tactical Network Solutions it is able to exploit a protocol design flaw in WiFi Protected Setup (WPS).
This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.
Usage is simple just specify the target BSSID and the monitor mode interface to use:
# reaver -i mon0 -b 00:01:02:03:04:05
How does it work? Let start considering on how WPS works. The protocol allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. Suppling the the correct PIN the access point gives back to the user the WPA/WPA2 PSK to use for network connection.
Resuming Reaver tool first determine an access point’s PIN with a brute force attack and after it extract the PSK.
The open code Reaver is available at Google Code
Moral of the story, even at home we will be safer. The vulnerability opens it to worryingscenarios, it will be easy to spy on us.
Allar, Jared (December 27, 2011). “Vulnerability Note VU#723755 – WiFi Protected Setup PIN brute force vulnerability”. Vulnerability Notes Database. United States Computer Emergency Readiness Team. Retrieved December 28, 2011.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.