A Chink In The Armor Of WPA/WPA2 WiFi Security

Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböck] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but a built-in feature called Wi-Fi Protected Setup (WPS). This is an additional protocol that lets you easily set up network devices like printers without having to give them the WPA passphrase. [Stefan’s] proof-of-concept lets him recover the WPS PIN in 4-10 hours by brute force. Once an attacker has that PIN, they can immediately obtain the WPA passphrase with it. This works even if the passphrase is changed frequently.

Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!

It looks like [Stefan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.

59 thoughts on “A Chink In The Armor Of WPA/WPA2 WiFi Security”

  1. Oh good you had me worried for a second there. I don’t use that junk anyway. :-) I’ll bet most of us readers actually enjoy setting up our new networking hardware and never bothered with WPS. It is a little scary, however, to read that in some routers turning it off doesn’t actually do anything.

    1. “I don’t use that junk anyway.”

      Unless you mean Wi-Fi, as in “I don’t use Wi-Fi”, you may still be vulnerable. You may want to confirm that your router/firmware isn’t one of the ones that has the feature “always on”.

      1. Umm… I have set up DSL wifi routers for myself and 4 of my neighbors (I am the neighborhood geek). On all 4 Actiontec routers the WPS PIN is printed on the bottom label.

        For every Actiontec wifi router I have looked at (multiple models) the PIN was *always* 12345678.

        Perhaps the reaver program should test that PIN first ???

      2. I just gave the reaver wps_pin_checksum() function the PIN 1234567 and it returned a checksum of 0, not the 8 that I was expecting. I then looked at my Actiontec router label in a brighter light, and indeed, it is a zero with a slash, which looks a lot like an 8.

        So, the Actiontec PIN is 12345670.
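        The check digit the two comments above are talking about, as an added example (not code from the article or from the reaver project): the eighth digit of a WPS PIN is a checksum of the first seven, computed with the weighted-sum rule from the Wi-Fi Protected Setup specification, which is what reaver's wps_pin_checksum() implements. The helpers below let you validate the PIN printed on a router label (a label reading 12345678 cannot be a valid WPS PIN, while 12345670 is) and show why the last digit adds no entropy to the PIN. Function names are my own.

```python
# Added example, not from the article or from reaver: the WPS PIN check-digit
# rule from the Wi-Fi Protected Setup specification. Digits 1-7 are weighted
# 3,1,3,1,3,1,3 from the most significant digit; the eighth digit makes the
# weighted sum a multiple of 10. The function names here are my own.

def wps_pin_checksum(seven_digits: int) -> int:
    """Return the check digit for the first seven digits of a WPS PIN."""
    if not 0 <= seven_digits <= 9_999_999:
        raise ValueError("expected the first seven PIN digits as an integer")
    accum = 0
    # pos 6 is the most significant of the seven digits, pos 0 the least.
    for pos, weight in zip(range(6, -1, -1), (3, 1, 3, 1, 3, 1, 3)):
        accum += weight * ((seven_digits // 10 ** pos) % 10)
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries the correct check digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def complete_pin(seven_digits: int) -> str:
    """Append the check digit to a 7-digit prefix, zero-padded to 8 digits."""
    return f"{seven_digits:07d}{wps_pin_checksum(seven_digits)}"


if __name__ == "__main__":
    # Label values constructed for the example: the one the commenter misread
    # and the one actually printed on the router.
    for label in ("12345678", "12345670"):
        state = "valid" if is_valid_wps_pin(label) else "invalid check digit"
        print(f"{label}: {state}")
    print("check digit for 1234567 is", wps_pin_checksum(1234567))
```

        Because the check digit is fully determined by the other seven, a valid PIN has 10^7 possibilities rather than 10^8; that is the figure the paper's brute-force estimate starts from, before the protocol weakness it describes reduces it further.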

    2. I did mean WPS by “junk.” I guess I prematurely assumed disabling it in my router actually meant it was disabled. I then tested it and disabling WPS actually works for Motorola “Surfboard.”
      As far as which firmwares are junk, stock or custom, I’ve noticed a fair amount of bugs in both.

      1. Drat. I’ve got that router, but I’ve been looking at it sideways for months now. It only serves as a wireless access point and a switch… but I’ll be damned if I didn’t lose the thing on my network. It doesn’t show up in a ping sweep anywhere. It doesn’t show up as a hop. It’s just…missing.

  2. I just checked mine, and yup, it’s enabled by default (now disabled). I never used WPS, so I didn’t even think about its vulnerability, and I didn’t know it was always on. That really shouldn’t be enabled by default.

  3. Wow, this is such an obvious attack vector, and I had never thought of it before. Thanks for the eye opening article.

    I just always turn it off because I never needed it, turns out it is better to be lucky than smart :)

      1. I’m just ignorant of the method he’s talking about. Not familiar with one that needs two computers. Just making sure it’s not the same old guess the password method. If I acted cool I wasn’t trying, it’s just something that happens when you’re cool I guess.

  4. I’m already testing out this software. It works pretty good so far. It has a few minor bugs but the author is on top of them and has already released some updates to the code.
    I’m using it on a VM of BT4R2 with an Alfa AWUS036H. It’s slow, but fast as shit compared to trying to crack WPA using a wordlist with the huge possibility of it not succeeding.
    So far, every network around me is vulnerable to this attack. There isn’t a single one where WPS is disabled. And some of the people around me are supposedly tech experts working for comcast and verizon.
    Something about WPS never seemed all that safe to me. I’ve always had it disabled. I’m surprised it took this long for someone to find an easily exploitable flaw.

    1. Should the router makers care about the 1% of users who care about security?
      Or the 99% who just want to plug in a printer and see it work? (and they don’t give a fuck about security)
      HMM. That’s a tough choice, huh… lol
      Defaults are for the 99%… They don’t even need to know the printer has an “Aye-pee”. (IP)
      The paper just travels like magic from the computer to the tray.

      *mimics caveman bashing on broken printer* << average printer user.

    1. I think we should forbid Hamlet too because Polonius is killed because Hamlet thinks it is someone else behind the curtain. Curtains don’t kill people, people kill people. And we should stop with The Merchant of Venice too because of its antisemitism. We should call black tie dressing Afro-American tie, we should call women people of female gender, and especially call people like you mentally challenged and not retarded.

  5. Good ol’ OpenWrt, it has the lovely ‘feature’ of not supporting WPS at all in the LuCI interface. Sure hostapd supports it but there’s no frontend unless you feel like coding up your own, how thoughtful of them.

  6. Nothing – NOTHING – is ever secure as people think it is. That has been proven against every new ‘secure’ technology that comes out.

    Whether it’s tricking people into revealing their passwords, or stupid SQL administration that leads to internal document exposure that contains decryption keys, nothing will ever be completely secure.

    Now broadcast encryption information over some wireless bands and let’s see how security ratings drop precipitously.

    1. >>is ever secure as people think it is.

      There is a difference between things being insecure and things being badly implemented. As far as I can tell WPA/WPA2 are still fairly secure.. i.e. capturing cipher text and turning it into plain text is not trivial. Router vendors being retarded and shipping units with predictable keys etc. doesn’t mean that “WPA is insecure”, just that the vendors’ implementation is bad.

      >>That has been proven against every new
      >>‘secure’ technology that comes out.

      Has it? SSL is pretty old.. it’s still secure for the most part.

      >>Whether it’s tricking people into
      >>revealing their passwords,

      Stupid passwords doesn’t mean a cipher or protocol is insecure.

      >>or stupid SQL administration that
      >>leads to internal document exposure
      >>that contains decryption keys,

      Again, that is bad implementation. Encrypting some thing with and then attaching a post it note with the key to the media doesn’t not mean is insecure.

      >> nothing will ever be completely secure.

      s/completely secure/completely secure again bad implementation and side channel attacks/

      >>Now broadcast encryption information over
      >>some wireless bands and let’s see how
      >>security ratings drop precipitously.

      People “broadcast” sensitive information by the terabyte over this massive public network called “the interwebs” and it’s still possible to have a secure channel.

      1. wordpress stripped what it thought were tags..

        Again, that is bad implementation. Encrypting something with CIPHER and then attaching a post-it note with the key to the media doesn’t mean CIPHER is insecure.

      2. Physical access is a massive issue.

        An undisclosed company was booted from the datacenter I work in, as they were dumping CC information from their customers’ servers and virtual servers.

        Though all communication out of the servers would have been secure, the encryption keys were still on the server, so physical access by a corrupt admin was still an inherent issue.

  7. Actually, it’s WAAAY worse than you think. ALL common consumer/prosumer/commercial network connected hardware bleeds information by design. From your printers to your network interface hardware, from your cell phone to your TV, data leaks out your network like heat from an incandescent bulb. Yawn.

    How many people know that cameras double as the IR remote interfaces on many big screen TVs?

    Yeah, this isn’t such a big deal in the grand scheme of things.

    1. “How many people know that cameras double as the IR remote interfaces on many big screen TVs?”

      Not many, considering the fact that a CMOS/CCD sensor isn’t nearly fast enough to see anything other than the fact that the remote IR is on.

      The signal is on a kilohertz frequency range carrier, so you’d need a camera that can do tens to hundreds of thousands of frames per second to receive it.

    1. He’s exploiting the protocol, namely the timing attack style first sending M4 then M6.

      Also he’s exploiting the WPS system to easily gain the WPA passkey.

      Luckily I’d turned this off already, not cause I thought it was vulnerable but because I had no idea what it was.

  8. I have WPS disabled. However, now I’m wondering, how do I tell if it is really disabled, especially when I read the below line:

    “To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!”
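    One way to answer the question above without trusting the dashboard, as an added example (not code from the article or from any tool it mentions): an access point that has WPS enabled advertises it in every beacon frame through a vendor-specific information element (OUI 00:50:F2, type 4), and a disable switch that really works removes that element. The parser below reads a beacon's information elements and reports what the WPS element says; the beacon bytes, attribute layout helpers and function names are constructed for the example, while the element and attribute identifiers are the ones the WPS specification defines.

```python
# Added example, not from the article: decode the WPS information element from
# an 802.11 beacon to check whether an AP still advertises WPS after you turned
# it off. The beacon bytes below are constructed for the example; the IE tag,
# OUI/type and attribute ids are the ones defined by the WPS specification.
import struct

WPS_OUI_TYPE = b"\x00\x50\xf2\x04"  # OUI 00:50:F2, type 4 = Wi-Fi Simple Config
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044             # 1 = not configured, 2 = configured
ATTR_SELECTED_REGISTRAR = 0x1041    # 1 = a registrar session is currently open
ATTR_DEVICE_PASSWORD_ID = 0x1012    # 0x0000 = default PIN, 0x0004 = push button


def parse_ies(data: bytes):
    """Yield (tag, body) for each 802.11 IE; stop at a truncated element."""
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) < length:
            break  # truncated frame: do not act on a partial element
        yield tag, body
        i += 2 + length


def parse_wps_attrs(body: bytes) -> dict:
    """Parse WPS TLVs (2-byte type, 2-byte length, value) into a dict."""
    attrs, i = {}, 0
    while i + 4 <= len(body):
        atype, alen = struct.unpack(">HH", body[i:i + 4])
        value = body[i + 4:i + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        i += 4 + alen
    return attrs


def wps_status(ies: bytes) -> dict:
    """Summarise what a beacon's IE blob says about WPS."""
    for tag, body in parse_ies(ies):
        if tag == 0xDD and body.startswith(WPS_OUI_TYPE):
            attrs = parse_wps_attrs(body[len(WPS_OUI_TYPE):])
            state = attrs.get(ATTR_WPS_STATE, b"\x00")[0]
            return {
                "wps_advertised": True,
                "state": {1: "unconfigured", 2: "configured"}.get(state, "unknown"),
                "selected_registrar": attrs.get(ATTR_SELECTED_REGISTRAR, b"\x00")[0] == 1,
                "pin_method": attrs.get(ATTR_DEVICE_PASSWORD_ID) == b"\x00\x00",
            }
    return {"wps_advertised": False}


def ie(tag: int, body: bytes) -> bytes:
    """Build one 802.11 information element (constructed-data helper)."""
    return bytes([tag, len(body)]) + body


def wsc(atype: int, value: bytes) -> bytes:
    """Build one WPS attribute TLV (constructed-data helper)."""
    return struct.pack(">HH", atype, len(value)) + value


# Constructed beacons: an AP still advertising WPS, and one that stopped.
RATES = ie(0x01, bytes([0x82, 0x84, 0x8B, 0x96]))
BEACON_WITH_WPS = (
    ie(0x00, b"HomeNet") + RATES
    + ie(0xDD, WPS_OUI_TYPE
         + wsc(ATTR_VERSION, b"\x10")
         + wsc(ATTR_WPS_STATE, b"\x02")
         + wsc(ATTR_SELECTED_REGISTRAR, b"\x00")
         + wsc(ATTR_DEVICE_PASSWORD_ID, b"\x00\x00"))
)
BEACON_WITHOUT_WPS = ie(0x00, b"HomeNet") + RATES

if __name__ == "__main__":
    print("still advertising:", wps_status(BEACON_WITH_WPS))
    print("switch worked:    ", wps_status(BEACON_WITHOUT_WPS))
```

    On a real network the same information is visible with a scan from a Linux box (`iw dev <iface> scan` prints a decoded WPS section for every AP that advertises it); if your own SSID still shows one after you flipped the switch, the switch did nothing.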

  9. After using reaver on a brand new Asus router with WPS turned off, we were shocked to see it print out our multi-word and symbol WPA2 passphrase in less than two hours.

    Other routers were getting timeout errors, but after adjusting the timeout to 20 seconds 3 of them fell prey to reaver in less than a day. We may try a timeout of 25 seconds for the ones that are resisting.

    Perhaps WPA isn’t cracked, but WPA *ROUTERS* are dropping like flies around here.

    And by the way, most of them (multiple different brands) have a PIN code of 12345670, and most of them have WPS off. We could have gotten this done a LOT quicker if reaver checked that “standard default” PIN first.

    Interesting, that new router that spilled its secrets so fast was from Asus, whose products are not even listed in the Cert advisory list of vulnerable routers.

    1. I tried using reaver with the -P 12345670 -vv options and it seems to try that pin over and over (seemingly without success). Can you try it against a known vulnerable router with that pin?

  10. When I first started setting up wireless nets, there was no such thing as WPS. I just got used to setting everything up by hand. When I bought my first router that did have WPS, I couldn’t get the thing to work using the WPS, so I just set it up manually and disabled the WPS. So, even now I still set up my nets manually, and disable WPS every time. I guess sometimes it’s good to be set in your ways.

  11. Some 6 months before this article was published I was trying to connect to some network in Windows and when I got prompted to enter a PIN an idea crossed my mind: this shit might be easy to bruteforce :D
