With The Release Of Reaver, Now Anyone Can Exploit Wi-Fi Protected Setup Flaw Freely; Reaver Releases As Open Source Software


Just recently, I touched on how easy it is for hackers to exploit and acquire PINs from routers that have the Wi-Fi Protected Setup feature enabled (Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before), because there has always been a flaw associated with this particular feature, consequently allowing hackers to deploy brute force attacks and correctly guess PINs in less time than ever before.  It’s not a surprise for us to see that someone already has a tool which can hack a router for its Wi-Fi Protected Setup PIN.  In fact, someone is releasing such a tool to the public already.  So, in a way, we can say that once the exploits are known, smart hackers who write their own code can usually come up with new tools to penetrate the flaws of most computer systems.  In this case, it’s no different, because the folks at Tactical Network Solutions have had such a tool, known as Reaver, which they probably use to do penetration tests on their own networks and clients, as a way to stay ahead of the curve so they can prevent their own networks and clients from being hacked.

Since the Wi-Fi Protected Setup exploit has been discussed publicly, the folks at Tactical Network Solutions are now releasing Reaver to the open source community, and this means anyone can download it and start using it.  Of course, like any tool, bad people can use it to break into other people’s networks, or good people can use it to do penetration tests on their own networks so they will know how resilient their networks would be against certain hack attacks.  The folks at Tactical Network Solutions also release Reaver as a commercial version, which they claim is even more feature rich than the open source version.

Basically, once Reaver allows the hackers to attain the correct Wi-Fi Protected Setup PINs, the hackers can furthermore use Reaver to recover the WPA/WPA2 passphrase in the 4 to 10 hour range.  As long as the owners of the routers/networks haven’t disabled the Wi-Fi Protected Setup feature, no matter what the owners change their WPA/WPA2 passphrase to, the hackers will always be able to recover the WPA/WPA2 passphrase using Reaver.  This is quite serious, because Reaver is just a tool that anyone can download and use freely.  So, if the manufacturers of most routers aren’t going to patch the flaw, then it’s really up to the users of such routers to disable the Wi-Fi Protected Setup feature.

It seems to me that the folks at Tactical Network Solutions suggest that once hackers guess the Wi-Fi Protected Setup PINs correctly, hackers can take control of the routers.  Worse, I think hackers can also insert themselves into the middle of the compromised networks to listen, sniff and record, consequently reading the network traffic for plain text data.  Of course, they can also read the encrypted data in encrypted form only, but hackers who have the will to decrypt the encrypted data might also have tools that allow them to decrypt encrypted data in time.

In summary, if your router hasn’t yet had the Wi-Fi Protected Setup feature disabled, it’s currently an easy target for just about anyone who has the will to download Reaver and use it for hacking your router.  Usually, if someone hacks your router, they might have an even more insidious intention than just stealing your bandwidth.  Perhaps they might use your bandwidth to do some serious hacking against some big corporations, and you would be the one to take the blame.  After all, once the hackers are done with what they had to do, they could always clean up their trails and leave almost no trace behind.  The authorities would have a hard time believing your story, as in the “It wasn’t me” kind of thing.  So, I recommend that you turn off the Wi-Fi Protected Setup feature at all costs and wait until the manufacturer that produces your router comes up with a patch that can address this particular exploit.

Sources:  https://threatpost.com/en_us/blogs/attack-tool-released-wps-pin-vulnerability-122911,
http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html,
http://code.google.com/p/reaver-wps/


Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before

According to threatpost’s article “WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs,” your router with Wi-Fi Protected Setup enabled can allow hackers to take less time to figure out the PIN number and gain access to your wireless network.  The article suggests that Wi-Fi Protected Setup reveals too much information when it tries to authenticate a device, consequently allowing hackers to take less time in acquiring the valid Wi-Fi Protected Setup PIN number through a brute force hacking method.

I’ve always disabled my Wi-Fi Protected Setup, because it seems to me as if it’s just another door for hackers to break into.  When reading the piece from threatpost, I was glad that I’d been careful all along.  Most modern routers provide the Wi-Fi Protected Setup feature so users don’t have to actually enter a long WPA2 passphrase to connect to a wireless network, because Wi-Fi Protected Setup requires a PIN number (e.g., 1234567…).

I’m no expert on Wi-Fi Protected Setup, because I have avoided using it from the very beginning.  It seems to me that the Wi-Fi Protected Setup feature has several methods associated with it.  One involves pushing the Wi-Fi Protected Setup button on the router and then on the client within a short time frame (i.e., less than 2 minutes or so).  After the user pushes the Wi-Fi Protected Setup buttons, the user can just stand idly by and wait for the client and the router to automatically communicate with each other, allowing the client to connect to the router, so the client is able to surf the Internet using the wireless network which the router provides.  The second method requires PIN number registration, but this method has two sub methods of its own.  The first sub method requires less work for users, because the users can just hand their devices’ Wi-Fi Protected Setup PIN numbers (i.e., printed on the back of their devices or generated by their devices’ software) to the administrators.  The administrators then have to enter the users’ Wi-Fi Protected Setup PIN numbers into a router or access point’s administration control panel (e.g., https://192.168.1.1) to register the users’ Wi-Fi Protected Setup PIN numbers with the access point, consequently allowing the users’ devices to connect to the particular wireless network.  The second sub method requires the users to enter the Wi-Fi Protected Setup PIN number of the router or access point into their devices’ software, consequently allowing the client devices and the router or access point to communicate with each other (i.e., granting wireless network access).  The piece from threatpost emphasizes the weakness in the second sub method of the Wi-Fi Protected Setup PIN number method, because the hackers only need the Wi-Fi Protected Setup PIN number and do not have to be within a certain distance of the access point or the router.

The third method of the Wi-Fi Protected Setup feature involves the Near Field Communication method.  Wikipedia’s article “Near field communication” explains rather well how the Near Field Communication method works.

threatpost suggests that most modern routers tend to enable the Wi-Fi Protected Setup feature by default.  If you are aware of the flaw in the Wi-Fi Protected Setup PIN number method, then you might want to disable the Wi-Fi Protected Setup feature so the hackers won’t be able to use a brute force attack to acquire the Wi-Fi Protected Setup PIN number of the specific access point or router.  threatpost suggests many well known brands are all affected by the Wi-Fi Protected Setup flaw; as long as any router has the Wi-Fi Protected Setup feature with the PIN method enabled, the hackers who are aware of the Wi-Fi Protected Setup PIN number flaw can brute force attack the router for the Wi-Fi Protected Setup PIN number in less time than ever before.

Sources:  https://threatpost.com/en_us/blogs/wifi-protected-setup-flaw-can-lead-compromise-router-pins-122711
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
http://www.wi-fi.org/knowledge_center_overview.php?docid=4614
