Friday, December 30, 2011
WiFi Protected Setup (WPS) Is Vulnerable, 2 Bruteforce Tools Unleashed
Posted by
Shipcode
at
30.12.11
Labels:
BackTrack 5,
Crack WPA in 10 hours,
fix wps,
Linux,
open source,
PoC Bruteforce Tool,
Reaver Setup,
routers,
Tactical Network,
wifi cracking,
WiFi Protected Setup Attack Tool,
WPA/WPA2 retriever,
WPS pins
Two computer security
experts and network ninjas discovered that
WiFi Protected Setup is vulnerable because it can be brute-forced using WPS pins which allow attackers to retrieve the WPA/WPA2 in less
than 10 hours.
Aside from that,
two penetration testing tools that cracks routers that have WPS on it
have been released, made open source and available for download. These
two tools are Reaver and Stefan Viehböck’s PoC Bruteforce Tool. Reaver
was released by Tactical Network Solutions and the
PoC Bruteforce Tool was obviously developed by
Stefan Viehböck. Stefan said that his tool is a bit faster than Reaver
but it does not support all Wi-Fi adapters. I haven’t tried Stefan’s
tool yet but I was able to play and set Reaver tool in
my Backtrack 5 Linux Operating System.
Reaver version 1.1
has been released last night while I was writing a tutorial on how to set it up. You can download or wget Reaver version 1.1 or 1.0 on this link. And if you want to try
Stefan Viehböck’s PoC Bruteforce Tool, you can download it here.
There is no patch yet for this vulnerability so it would be advisable to disable WPS in order to keep it away from your neighbors who are crackers.
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.