Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 993
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: New tools for hacking wireless routers (Belkin, D-Link, Cisco, Netgear...)  (Read 3764 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Researchers have released two tools that can take advantage of a weakness in a system designed to let people easily secure their wireless routers.

One of the tools comes from security researcher Stefan Viehbock: http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/ , who publicly released information this week on the vulnerability in the Wi-Fi Protected Setup (WPS) wireless standard.

The standard is intended to make it easier for non-technical people to password protect their routers to prevent unauthorized use and encrypt wireless traffic.

Most major router manufacturers use WPS, including products from Belkin, D-Link Systems, Cisco's Linksys, Netgear and others. It allows a user to enter an eight-digit random number often printed on the router by a device manufacturer to enable security. Another method supported by WPS involves pushing a physical button in the router.

The vulnerability, which was also uncovered by Craig Heffner of Tactical Network Solutions, involves how the router responds to incorrect PINs. When a PIN is entered, the router using WPS will indicate whether the first or second halves of the PIN are correct or not.

The problem means it is easier for attackers to try lots of combinations of PINs in order to find the right one, known as a brute-force attack. While determining an eight-digit PIN would normally take some 100 million tries, the vulnerability reduces the needed attempts to 11,000, according to Viehbock's research paper.

If an attacker has the PIN, it can then be used to figure out the router's password. Viehbock wrote on Thursday that his proof-of-concept tool is a bit faster than Reaver, a tool released by Heffner and Tactical Network Solutions. Both of the tools enable brute-force attacks.

Reaver is hosted on Google Code. Its authors say that it can recover a router's plain-text WPA or WPA2 password in four to 10 hours, depending on the access point. "In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase," according to a release note: http://code.google.com/p/reaver-wps/

Many routers also do not limit the number of guesses for a PIN, which makes brute-force attack feasible, according to an advisory from the U.S. Computer Emergency Readiness Team (CERT): http://www.kb.cert.org/vuls/id/723755
The organization wrote that it was unaware of a practical solution to the issue.

Heffner wrote that his company has been perfecting Reaver for nearly a year. Tactical Network Solutions decided to release the tool after the vulnerability was made public. It is also selling a commercial version with more features.

Users can disable WPS to prevent an attack, but Heffner wrote that most people do not turn it off.

"In our experience even security experts with otherwise secure configurations neglect to disable WPS," he wrote. "Further, some access points don't provide an option to disable WPS or don't actually disable WPS when the owner tells it to."

(PCW)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising