Disable Wifi Protected Setup (WPS) on your router!!!!

FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

A very easy hack has been discovered for this. If you're a techie you've never used it, but it's enabled by default on all modern Wifi routers. It makes it easier for noobs to set up a wireless network.

Assuming you're using a standard WPA wireless passphrase and not WPS (which uses a PIN number in a similar manner to Bluetooth) then you can just disable it in your router. If you don't know how, just Google it.

http://www.zdnet.com/blog/networking/wi ... usted/1808
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez

normalicy
Posts: 9514
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Post by normalicy »

Yeah, I heard about this. My neighborhood is in big trouble due to the large number of default router setups I've seen.
CaterpillarAssassin
Almighty Member
Posts: 2252
Joined: Wed Nov 22, 2000 11:29 am
Location: somewhere in N.E

Post by CaterpillarAssassin »

Thanks for that. I never used it (because honestly it was more difficult than to just set it up with WPA2). Good knowledge, anyhow.
CaterpillarAssassin
Almighty Member
Posts: 2252
Joined: Wed Nov 22, 2000 11:29 am
Location: somewhere in N.E

Post by CaterpillarAssassin »

Actually just looking at the article on Ars, and they are saying they were able to break into theirs even when WPS was DISABLED in the web interface as it still responded to WPS requests.

This makes things much more dangerous. Beware if your router even SUPPORTS WPA.

http://arstechnica.com/business/news/20 ... reaver.ars
normalicy
Posts: 9514
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Post by normalicy »

Jeez, that's even worse. I'm tempted to start playing with it.
FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

It's turning into a fiasco. Some updates:

- A reminder that someone needs to be within range of your Wifi to work this hack, and they need to have a fairly strong signal. A marginal signal won't work as well because of the amount of traffic necessary for the hack.

- ALL Cisco and Linksys Wifi Routers WILL NOT turn off WPS even if you disable it in the control panel. There is no way to turn it off without hacking the firmware which is not for the faint of heart and explained here: http://blog.nullmethod.com/2012/01/disa ... s-via.html

- Routers modified with the DD-WRT firmware are not susceptible since DD-WRT doesn't support WPS (and all of my home routers are old Linksys WRT54Gs with the DD-WRT firmware installed).

- Apple routers apparently also don't support WPS, but just about any router made in the last 3 years does. To identify a router with WPS, it will either have an "Easy Setup" button on the router or else it will have a WPS Pin number printed on a label near the serial number.

- All manufacturers are scrambling to update their firmware since fixing this is rather easy, BUT except for techies like us, who updates their router firmware? So expect a LOT of routers to be wide open for years to come. Response from vendors here: http://www.smallnetbuilder.com/wireless ... he-wps-fix

- The hack has already been released in several Linux apps, one of which is Reaver and is easy to find. There's even a professional product called Reaver Pro. This hack is so easy to implement, it won't be long before there are easy-to-use Windows apps. Reaver captures the static PIN number of the router AND the WPA password. For most routers it just takes several minutes to a few hours. To see Reaver at work, watch the video here: http://vimeo.com/34667806

- There's a how-to for doing this hack with a freely available version of Reaver posted on LifeHacker, so anyone can do it: http://lifehacker.com/5873407/how-to-cr ... ith-reaver

- Excellent Google spreadsheet that is being constantly updated with specific router models that are susceptible, and notes on each one: https://docs.google.com/spreadsheet/lv? ... DNSSHZEN3c

- If you're interested in WHY and HOW this happened, Steve Gibson clearly explains it in last week's Security Now podcast, episode 335: http://www.grc.com/securitynow.htm

Essentially, the spec for WPS was very well written with lots of security and crypto EXCEPT that someone blundered in the protocol and no one caught it at the time. The flaw has been known about for at least a year but no one thought it was important until a security researcher recently demonstrated how easy it was to hack.

Basically the problem is that the original spec for WPS allowed for a 4 digit PIN because all routers were supposed to have LCD displays and the PIN would be generated randomly each time you tried to connect, and then displayed on the LCD. This would have been plenty secure. However, manufacturers didn't want to put LCD displays on cheap routers so they asked to have the spec changed for routers without displays. Those routers would have a static PIN permanently set at the factory that was 8 digits, and the PIN would be printed on the router near the serial number.

The problem is that because the protocol was originally written for 4 digits, the protocol authenticates the first 4 digits first, then authenticates the last 4 digits. Thus the hacker only has to guess the first 4 digits which is relatively easy in a brute force attack. Once he knows he has the right first four digits, he can then brute force the second 4 digits, which is actually even easier because the 8th digit is a checksum, so he really only needs to brute force 3 digits for the 2nd half which is ridiculously easy.

This is made even worse by the fact that many routers allow unlimited attempts instead of timing out. At best, the spec says that if you guess wrong 3 times you get locked out for 1 minute, and even the routers that follow that spec can still be hacked in a couple of hours.


The only good news is that it's easy to fix via firmware update.
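Added example, not part of the original posts: a small model of the PIN search space and lockout arithmetic described in the post above, for checking whether a router's WPS rate limiting is adequate. The function names, the `seconds_per_attempt` parameter and the target duration are assumptions made for illustration; the "3 failures, 1 minute" policy is the one quoted in the post.

```python
import math
from dataclasses import dataclass


def pin_search_space(split_confirmation: bool, checksum_digit: bool) -> int:
    """Worst-case number of guesses for an 8-digit WPS PIN."""
    first_half = 10 ** 4
    # If the 8th digit is a checksum, only 3 digits of the second half are free.
    second_half = 10 ** 3 if checksum_digit else 10 ** 4
    if split_confirmation:
        # Each half is confirmed separately, so the costs ADD.
        return first_half + second_half
    # Whole PIN confirmed in one step, so the costs MULTIPLY.
    return first_half * second_half


@dataclass
class LockoutPolicy:
    failures_before_lock: int  # 0 means the device never locks
    lock_seconds: float


def worst_case_hours(guesses: int, policy: LockoutPolicy,
                     seconds_per_attempt: float) -> float:
    """Upper bound on exhaustion time, counting every guess as a failure."""
    total = guesses * seconds_per_attempt
    if policy.failures_before_lock > 0:
        total += (guesses // policy.failures_before_lock) * policy.lock_seconds
    return total / 3600


def min_lock_seconds(guesses: int, failures_before_lock: int,
                     target_hours: float) -> int:
    """Lock duration needed so exhausting the space takes >= target_hours."""
    locks = guesses // failures_before_lock
    return math.ceil(target_hours * 3600 / locks)


if __name__ == "__main__":
    flawed = pin_search_space(split_confirmation=True, checksum_digit=True)
    whole = pin_search_space(split_confirmation=False, checksum_digit=True)
    print(f"split confirmation: {flawed} guesses; whole-PIN check: {whole}")
    spec = LockoutPolicy(failures_before_lock=3, lock_seconds=60)
    # seconds_per_attempt=0 isolates the delay added by the lockout alone.
    print(f"3 failures / 60 s lock: {worst_case_hours(flawed, spec, 0.0):.1f} h")
    # Assumed target: one year (8760 h) to exhaust the space.
    print(f"lock needed for 1 year: {min_lock_seconds(flawed, 3, 8760)} s")
```

The figures are upper bounds for full exhaustion of the space; the correct PIN can turn up at any point before that, so a lockout should be sized against the target with margin.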
RubberDuckie
Posts: 2854
Joined: Thu Nov 23, 2000 3:38 am
Location: Texas

Post by RubberDuckie »

Another good reason I live in the country. Good luck getting close enough to hack my network without me noticing.
JSTMF