Printed from http://www.electronista.com

Tool launched to exploit Wi-Fi WPS setup hole

updated 05:40 pm EST, Fri December 30, 2011

Open source and proprietary versions available

On Wednesday, the US Computer Emergency Readiness Team (US-CERT) warned that Wi-Fi routers which used WPS (Wi-Fi Protected Setup) PINs during setup might be vulnerable to a security flaw that exposed the devices to brute-force attacks by hackers. If successful, a hacker could take control of the router and have access to all devices connected to it. Now comes word that an open-source tool, Reaver, has been posted by a security company to facilitate exploiting the vulnerability (link).

WPS is intended to simplify the task of setting up and configuring security on wireless networks. Its purpose is to help homeowners and other non-technical automatically configure new wireless networks, add new devices and enable security. Most Wi-Fi routers shipped today come with WPS support. The vulnerability that has been exposed is that by a repetitive, brute-force continuous attack, the PIN used to set up the router can be retrieved by a hacker and then exploited.

It's estimated that such an attack can determine the PIN in less than four hours, the amount of time it would take to try all possible eight-digit combinations. On average, it would actually take less than half that time. Some devices have a lock-down feature that will temporarily block any new effort to enter a PIN after several failed attempts. However, even with this protection, the effort to crack the PIN can resume after a brief timeout, and the PIN can still be retrieved in less than a day.

The company that has created Reaver is Tactical Network Solutions (TNS). It's offering the exploit to demonstrate the weakness of WPS protection. TNS offers a commercial version as well, which can reportedly crack the code more quickly and has a user-friendly web-based front-end rather than a command-line interface. The company claims that it will only sell the commercial version to federal, state, and local government agencies for an undisclosed price.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Neurio Intelligent Home Monitor

The recently released Neurio Intelligent Home Monitor is a piece of hardware that, when integrated into a home's breaker box, monitors ...

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Advertisement

toggle

Most Commented

 
toggle

Popular News