Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

WiFi Protected Setup vulnerable to Reaver tool attack

Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard used to allow easy establishment of a secure wireless home network. It has been introduced by the Wi-Fi Alliance on January 8, 2007, with tha main purpose to allow home users to set up the encryption method WPA2, as well as making it […]

Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard used to allow easy establishment of a secure wireless home network. It has been introduced by the Wi-Fi Alliance on January 8, 2007, with tha main purpose to allow home users to set up the encryption method WPA2, as well as making it easy to add new devices to an existing network without entering long passphrases.

It has been recently discovered that WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase. The process is not so time consuming, consider that generally in few hours it is possible to retrieve the passphrase.  The tool available to perform the attack is Reaver, developed by Tactical Network Solutions it is able to exploit a protocol design flaw in WiFi Protected Setup (WPS).

This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

Usage is simple just specify the target BSSID and the monitor mode interface to use:
# reaver -i mon0 -b 00:01:02:03:04:05

How does it work? Let start considering on how WPS works. The protocol allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase.  Suppling the the correct PIN the access point gives back to the user the WPA/WPA2 PSK to use for network connection.

Resuming Reaver tool first determine an access point’s PIN with a brute force attack and after it extract the PSK.

The open code Reaver is available at Google Code

Moral of the story, even at home we will be safer. The vulnerability opens it to worryingscenarios, it will be easy to spy on us.

Pierluigi Paganini

References 

Allar, Jared (December 27, 2011). “Vulnerability Note VU#723755 – WiFi Protected Setup PIN brute force vulnerability”Vulnerability Notes DatabaseUnited States Computer Emergency Readiness Team. Retrieved December 28, 2011.

http://thehackernews.com/2011/12/reaver-brute-force-attack-tool-cracking.html