Image via Wikipedia
Just recently, I had touched on how easy it’s for hackers to exploit and acquire PINs from routers that have Wi-Fi Protected Setup feature enabled (Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before), because there has always been a flaw which associates with this particular feature, consequently allowing hackers to deploy brute force attacks and correctly guess PINs in less time than ever before. It’s not a surprised for us to see someone has already had a tool which could hack a router for Wi-Fi Protected Setup PIN. In fact, someone is releasing such a tool to the public already. So, in a way, we can say once the exploits are known, smart hackers who write their own codes usually can come up with new tools to penetrate the flaws of most computer systems. In this case, it’s no different, because the folks at Tactical Network Solutions has had such a tool known as Reaver which they probably use to do their own penetration tests on their own networks and clients, as a way to stay ahead of the curve so they can prevent their own networks and clients from being hacked.
Since the Wi-Fi Protected Setup exploit has been discussed publicly, the folks at Tactical Network Solutions are now releasing Reaver to the open source community, and this means anyone can download it and start using it. Of course, like any tool, bad people can use it to break into other people’s networks, or good people can use it to do penetration tests on their own networks so they will know how resilient their networks would be against certain hack attacks. The folks at Tactical Network Solutions also release Reaver as a commercial version which they claim it would be even more feature rich than the open source version.
Basically, once Reaver allows the hackers to attain the correct Wi-Fi Protected Setup PINs, the hackers can further more use Reaver to recover WPA/WPA2 passphrase in 4 to 10 hours range. As long the owners of the routers/networks aren’t yet disabling Wi-Fi Protected Setup feature, no matter if the owners change their WPA/WPA2 passphrase to anything, the hackers will always be able to recover WPA/WPA2 passphrase using Reaver. This is quite serious, because Reaver is just a tool where anyone can download and use freely. So, if the manufacturers of most routers aren’t going to patch the flaw, then it’s really up to the users of such routers to disable the Wi-Fi Protected Setup feature.
It seems to me that the folks at Tactical Network Solutions suggest that once hackers guess the Wi-Fi Protected Setup PINs correctly, hackers can take control of the routers. Worse, I think hackers can also insert themselves into the middle of the compromised networks to listen and sniffing and recording, consequently reading the network traffics for plain text data. Of course, they can also read the encrypted data in encrypted form only, but hackers who have the will to decrypt the encrypted data might also have tools that allow them to decrypt encrypted data in time.
In summary, if your router hasn’t yet had Wi-Fi Protected Setup feature disabled, it’s currently an easy target for just about anyone who has the will to download Reaver and use it for hacking your router. Usually, if someone hacks your router, they might have an even more insidious intention than just stealing your bandwidth. Perhaps, they might use your bandwidth to do some serious hacking against some big corporations, and you would be the one to take the blame. After all, once the hackers done with what they had to do, they could always clean up their trails and leave almost no trace of theirs behind. The authorities would have a hard time to believe your story as in “It wasn’t me,” kind of thing. So, I recommend you to turn off Wi-Fi Protected Setup feature at all cost and wait till the manufacturer who produces your router to come up with a patch that can address this particular exploit.
Sources: https://threatpost.com/en_us/blogs/attack-tool-released-wps-pin-vulnerability-122911,
http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html,
http://code.google.com/p/reaver-wps/
Related articles
- Cracking WPA in 10 hours or less (devttys0.com)
- Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before (essayboard.com)
- Attack Tool Released For WPS Setup Flaw (mobile.slashdot.org)
- US-CERT Issues Warning About Current Wi-Fi Protected Setup Standard – ITProPortal (itproportal.com)
- Wi-Fi Protected Setup is Busted (zdnet.com)
- Researcher reveals flaw in Wi-Fi Protected Setup (digitaltrends.com)
- Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible – PCWorld (pcworld.com)
- Two New Tools Exploit Router Security Setup Problem (pcworld.com)
- Wi-Fi Pin Vulnerability Discovered By Research Team (inquisitr.com)
- Wi-Fi ‘protected set-up’ not so protected after all (news.cnet.com)
- Attack Tool Released for WPS PIN Vulnerability (thesecuritypub.com)
- WPA Brute-Force and Design Flaws….. (netsecurityit.wordpress.com)
- A chink in the armor of WPA/WPA2 WiFi security (hackaday.com)
- Researchers discover Wi-Fi router PIN vulnerability (electronista.com)
Filed under: Hardware, Internet, Networking, Security Tagged: Brute-force attack, Passphrase, Personal identification number, Reaver, router, Tactical Network Solutions, Wi-Fi, Wi-Fi Protected Setup
