This is a game changer
This is big news.
We've had a lot of scary FUD articles on supposed "cracks" to WPA which were never really true, but this appears to be the real deal. WPA / WPA2 is essentially bypassed.
WPS is enabled by default on a lot of routers. I will be penetration testing this very shortly to see how usable it is.
I fully expect BackTrack to have a tool available well before this researcher releases his own.
The link provided has a broken link in the article (it links to the PDF paper both times when one should link here):
»sviehb.wordpress.com/2011/12/27/···ability/
I encourage everyone to post on his site and ask him to release the code to the open source community.
Re: This is a game changer
No doubt a BackTrack LiveCD will probably be available in very little time. Hell, I wouldn't put it past someone to have a tool that utilizes CUDA in NVIDIA GPUs to break the code even faster within a month's time of the initial release of the exploit.
Re: This is a game changer
said by PapaMidnight:
Hell, I wouldn't put it past someone to have a tool that utilizes CUDA in NVIDIA GPUs to break the code even faster within a month's time of the initial release of the exploit.

This isn't about breaking the code, it is about a brute-force attack that leverages a dumb flaw in how the WPS key is checked.
What is the dumb flaw? Instead of checking the whole 7-digit PIN in one go, the WPS process splits the PIN in two and authenticates the two halves separately, which means the attacker needs to do 10^4 exhaustive searches to find the first half and 10^3 to find the second half once it has found the first, instead of having to search 10^7 in one go. This cuts down the number of attempts from 10 million to 11 thousand, ~3h if you are unlucky at 1 attempt per second.
The speed at which this brute-force attack can be executed is only limited by how fast the target router/AP will accept connection attempts... using CUDA to increment counters won't let you attempt connections any faster than the router will accept them.
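Added example, not code from the thread or from the researcher's tool: a local simulation of the check described in the post above, contrasting a verifier that answers per half (the flaw) with one that only answers for the whole PIN and locks after a few failures, plus the wall-clock estimate at the rate an AP accepts attempts. Assumptions: the PIN model follows the post (7 digits checked as a 4-digit and a 3-digit half, no checksum digit), and the function names are mine.

```python
# Added simulation, not code from the thread or the researcher's tool. PIN model
# follows the post (assumption): 7 digits, checked as a 4-digit then a 3-digit half.
def make_split_check(pin, max_failures=None):
    """Flawed verifier: 'half1' if the first 4 digits are wrong, 'half2' if only
    the last 3 are wrong, 'ok' on a match. That per-half answer is the flaw."""
    first, failures = pin[:4], 0
    def check(candidate):
        nonlocal failures
        if max_failures is not None and failures >= max_failures:
            return "locked"
        if candidate == pin:
            return "ok"
        failures += 1
        return "half1" if candidate[:4] != first else "half2"
    return check

def make_whole_check(pin, max_failures=10):
    """Hardened verifier: one answer for the whole PIN, plus a lockout after
    max_failures wrong guesses (the AP lockdown behaviour)."""
    failures = 0
    def check(candidate):
        nonlocal failures
        if failures >= max_failures:
            return "locked"
        if candidate == pin:
            return "ok"
        failures += 1
        return "fail"
    return check

def half_by_half_search(check):
    """Search that only advances on 'half2'/'ok'; returns (pin or None, attempts)."""
    attempts = 0
    for a in range(10**4):
        attempts += 1
        r = check(f"{a:04d}000")
        if r in ("ok", "locked"):
            return (f"{a:04d}000" if r == "ok" else None), attempts
        if r == "half2":              # first half confirmed: 10^3 left, not 10^7
            for b in range(10**3):
                attempts += 1
                if check(f"{a:04d}{b:03d}") == "ok":
                    return f"{a:04d}{b:03d}", attempts
            return None, attempts
    return None, attempts

def worst_case_hours(per_second, split=True):
    # Worst case at the rate the AP accepts attempts: 11,000 tries vs 10,000,000.
    attempts = 10**4 + 10**3 if split else 10**7
    return attempts / per_second / 3600
```

Against the split verifier the search recovers the constructed PIN in a few thousand attempts; against the whole-PIN verifier it is locked out after ten wrong guesses.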
Re: This is a game changer
I interpreted the exploitation method incorrectly. My mistake.
As invalid error stated, the crack will not speed up. The bottleneck is the router CPU and the packet response interval.
Will be faster soon
Now it is 2 hours; give it 6 months and it will be 10 min.
Turn it off, people!
Until this is solved... If you don't know how to add someone to your wireless network, read your instructions and protect yourself; ask a friend, family, co-worker, and see if they can help you out...
Re: Turn it off, people!
Folks, now would be a good time to audit your router logs and reconcile MACs to your known devices. If anything looks fishy, set up MAC address filtering, hide your SSID, change your WPA/WPA2 password.
Bottom line, all users need to be aware of the security needs of their systems and networks.
Do your due diligence to protect yourself.
Re: Turn it off, people!
said by millerja01a:
Folks, now would be a good time to audit your router logs and reconcile MACs to your known devices. If anything looks fishy, set up MAC address filtering, hide your SSID, change your WPA/WPA2 password.

I fully believe that hiding your SSID is pointless as a security measure. I equate it to an anecdote I heard while talking with a guy I know who works for parking enforcement. One day, he's walking around doing regular rounds on patrol when he happens across 2 cars parked in a fire zone (outside of the regular loading zone). He says he might have never noticed them had it not been for the fact that both had their hazard lights flashing, which indicated that the drivers had known that they'd parked illegally. Both were ticketed. That's kind of what not broadcasting your SSID is like. Any simple tool used to detect WLANs is going to see it. Hell, I would be surprised if the old NetStumbler won't see it. You turn off SSID broadcasting, if anything, you're asking to be cracked even more.
As for MAC address filtering, people have been spoofing MAC addresses for years now to get past that, though I'll admit that it can be helpful.
As for your WPA/WPA2 password, I'm recommending no less than 10 characters with at least 1 capital, and a mix of alphanumeric values. The longer the better (the longer the password is, the longer it takes to crack). This chart gives you a basic idea why: »www.lockdown.co.uk/?pg=combi
said by millerja01a:
Bottom line, all users need to be aware of the security needs of their systems and networks.
Do your due diligence to protect yourself.

You'll never hear any argument from me on this point.
Just turn off WPS and choose a strong passphrase. The MAC address and SSID can be easily seen whenever you connect. It's a needless complication.
Re: In Netgear routers you can disable WPS
Almost every router I've ever used has the ability to turn it off.
The point being 99% of people will never hear of or care about this news, and essentially the next generation of routers has been taken down.
People won't be upgrading routers for a very long time.
I can't stress enough how big this news is.
I thought you had to push a physical button on Netgear routers to use WPS. And that enables it for just 2 minutes.
Romney2012
Re: In Netgear routers you can disable WPS
said by aannoonn:
I thought you had to push a physical button on Netgear routers to use WPS. And that enables it for just 2 minutes.

There is a button, but I never used it. And you can turn off the WPS feature in the router's web menu as I showed in the picture above.
Re: In Netgear routers you can disable WPS
I think WPS is off unless you push the button.
Re: In Netgear routers you can disable WPS
There are three types of WPS: pushbutton, internal PIN (on the AP), external PIN (on the station). The last one needs to be off.
Kearnstd
This is why SIM style is needed
Well, setup is complex, but I was thinking: why not have something like a SIM card that holds the WPA2-AES information with a maximum-length randomly generated key.
The idea for the SIM-style setup is that when you get a new device you pop the SIM/MicroSD card out of the device, pop it into the router, the wireless login data is stored, you place it back in the device and it's good to go. Now this would require all new routers and major changes to devices, but it could work for both security and keeping it simple. All the user has to know is moving the card about, but since it's using WPA2-AES behind the scenes it would allow people who know what they are doing to continue to configure the router the same way they always have.
Re: This is why SIM style is needed
If you're an advanced user you can simply set up a RADIUS server. And many residential gateways such as Linksys have dynamically generated keys every few hours.
Re: I never use WPS
My access points do not support WPS; never liked it at all. I am using 802.11a (too many 802.11b/g/n on the 2.4 GHz band) and WPA/AES-Enterprise; Protected EAP (PEAP) requires a username/password. I have 3 access points, one on each floor of my house, which can be a pain when keeping track of the WPA-PSK keys.
Where I live, theft of services runs rampant. My neighbors would rather not pay for internet; they would rather get it for free. They have been trying to get access to my internet for years. I already had my WPA-PSK key cracked 2 times, and had people knock on my door asking for the WPA-PSK key that does not exist. I switched to WPA-Enterprise with a RADIUS server and switched to the 5 GHz band. This seems to be overkill, but it is keeping them off of my network.
rickyf
Apple AirPort routers do support the non-button form of WPS connections.
Open the AirPort Utility, double-click on the device to open the advanced configuration dialog, click on the menu bar item "Base Station > Add Wireless Client". You will see a non-button way to use WPS to connect a wireless client.
Morac
Not all WPS affected
The flaw only affects external PIN WPS, which is when the PIN is entered on the device connecting to the router. Internal PIN (PIN entered on the router settings page) and push button aren't affected.
I use Tomato USB anyway, which removes WPS, so this doesn't affect me. Even if I didn't, my router doesn't support the external PIN method.
Transmaster
Re: Not all WPS affected
I was under the impression that WPS had been cracked several years ago. From the very beginning I disabled WPS on my D-Link DIR-655. I was aware of all of this thanks to BBR.
tranle
Re: Not all WPS affected
I think that you are confusing it with WEP.
Question
I'm reading this to say that if you use the WPS option to enter a PIN vs. a key, then you're vulnerable. While if you only use the option to push the button, and the device you want to connect "talks" to the router to share the key, then you're OK.
Clarify if I am wrong, please.
Re: Question
Pretty much.
Push button models are internal registrars and are not affected.
The models with external registrars are vulnerable. I'm guessing, but probably 1/3rd of all newer routers have that.
Re: Question
Well, only recently have I even started to use routers with that option; case in point the Pace 411n, Westell/Netgear 7550, and the Samknows/Netgear router. All have buttons on the outside that need to be held for a few seconds to start the pairing process; those I'm assuming are safe.
Re: Question
I also have a Samknows/Netgear router and would like to know what I need to do to avoid this problem.
Re: Question
I think DataRiker was saying we're safe, but I'm awaiting clarification on that.
Re: Question
You are fine; as you state, the only way to start the process is by depressing the button. The flaw only applies to routers which use a PIN system in combination with an external (i.e. client-based) registration.
If people have WPS but don't use it, there is no reason why that option should be left enabled.
Don't listen to people who give advice without knowing what they're talking about. And don't be that person.
Unfortunately, if a router is certified for WPS it needs to support all three types, not just pushbutton. So, you are probably vulnerable. Just turn off WPS, then you're fine.
said by sparky57:
I also have a Samknows/Netgear router and would like to know what I need to do to avoid this problem.

I have the Samknows Netgear WNDR3700, and it's got an option to disable the router PIN. Log into your router at 192.168.1.1 (default should be admin/password if you have not changed it already, which you should), and poke around the pages until you find it.
very confusing
So what is the best security to use on a FiOS router for my new laptop and my new Android phone?
Wait til the 5 minute hack appears
Your Honor......my client is innocent of the charge leveled by the XXIA of downloading content without paying for it. The best protection of my client's wireless router, developed by the brightest minds in the computing industry, has been thoroughly broken by criminal hackers. My client is NOT a criminal simply for operating a wireless router in the same manner as tens of millions of other citizens and having his router broken into. The XIIA is simply trying to string my client up - to criminalize my client who was the victim in the first part - as a convenient scapegoat for their own failed business practices.
Re: Wait til the 5 minute hack appears
said by MaynardKrebs:
Your Honor......my client is innocent of the charge leveled by the XXIA of downloading content without paying for it. The best protection of my client's wireless router, developed by the brightest minds in the computing industry, has been thoroughly broken by criminal hackers. My client is NOT a criminal simply for operating a wireless router in the same manner as tens of millions of other citizens and having his router broken into. The XIIA is simply trying to string my client up - to criminalize my client who was the victim in the first part - as a convenient scapegoat for their own failed business practices.

This method relies on the router to keep kicking back "not correct" to the device trying to connect. You have to start running through every possible PIN, and the router can only work so fast (on mine, which I checked, it seemed to be about 1 try every 3 seconds). The router's MIPS processor is the limiting factor here on how fast this works, not the PIN or anything else.
Just disable the router PIN, and this problem is solved
There is an option in most wireless routers' settings to disable the PIN, so that it cannot be used to connect to the network. Just 1 option, and this entire attack method is useless. I disable mine by default, and I would hope many of you would too.
It was only a matter of time...
The 'better mousetrap' game for this encryption type is about over, but there is still the PIN workaround.
For now.
Where is this setting in Tomato?
Can someone please tell me where I can find this setting in Tomato firmware? Thanks.
Re: Where is this setting in Tomato?
I don't think Tomato supports WPS.
old news?
Umm... who is stupid enough to leave default settings? Oh, never mind... the WPS PIN is for LAZY PEOPLE who don't know how to set up a router.
(Yells in background.. free internet for everybody!!)
Did you know you could find FREE INTERNET easier than you can find a payphone in many *suburban & metro* locations?! A fact that the wireless cell phone companies want you to think is a myth.
JimThePCGuy
I checked and it seems for my devices the default is DISABLE
I admit I never checked to see if WPS was enabled. So I just did, and on my D-Link DIR-655 and U-verse RG both have WPS DISabled. So I take it that is the default for those two devices at least.
Windstream
Difficult for average user
I want to emphasize that someone attempting to perform this hack would need to purchase specialized hardware and software (not inexpensive) that does packet sniffing/injecting and possess the knowledge and time to do this. The people with the knowledge to do this comprise a very small fraction of the population.
Windstream Support -- We're here to help! wci.broadbandhelp@windstream.com
Re: Difficult for average user
The equipment needed is not specialized at all.
In fact BackTrack supports many default wireless cards included in laptops (both of my laptops are supported without any configuration, both packet injection and monitor mode).
Also, the process will likely be just as easy as WEP cracking, which can be done with a single command on BackTrack now (in fact easier in many respects (authentication etc.), only it will take hours instead of minutes).
Your minimization of just how big this news is is very telling of the absolutely shitty nature of corporate support.
This news is a game changer in the black hat community. Forums are already ablaze with coders looking to perfect the process.
If you check my history on such subjects, I have beaten down all of the FUD on supposed WPA / WPA2 hacks and cracks in every news article, and I was absolutely correct. But this one is absolutely the real deal.
heelyeah
Re: Difficult for average user
DD-WRT and Tomato firmware are not at risk for this hack.