Merry new year 2012!
A few days ago (last year), the researcher Stefan Viehböck (https://twitter.com/sviehb | http://sviehb.wordpress.com/) published on his blog a technical article on a vulnerability he discovered in the protocol for setting up secure wireless networks, Wi-Fi Protected Setup (WPS).
WPS stands for Wi-Fi Protected Setup, a Wi-Fi protocol used to connect devices securely without the need for complicated authentication mechanisms: the devices are linked to each other simply by knowing a PIN, in the style of Bluetooth connections.
WPS (Wi-Fi Protected Setup) is a standard promoted by the Wi-Fi Alliance to create secure WLANs. In other words, WPS is not a security mechanism itself; it is the definition of various mechanisms to facilitate the configuration of a secure WLAN network with WPA2, designed to minimize user intervention in the home or small office (SOHO). Specifically, WPS defines mechanisms through which different network devices obtain the credentials (SSID and PSK) required to start the authentication process. [Wikipedia (EN)]
Roles in the WPS communication architecture:
Registrar: a device capable of acting as the authority that provides access and credentials to the wireless network.
Enrollee: the device requesting access to the wireless network, which does not yet have any configuration.
Authenticator: usually the AP (Access Point) itself, which relays communication (as a proxy) between the Registrar and the Enrollee.
Most wireless routers come from the factory with the WPS option configured and enabled by default. Some of the models are: Cisco / Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL, and even the Livebox 2 (Orange).
The WPS protocol provides at least 4 different ways of exchanging credentials and requests for authorization to access the wireless network: PIN, PBC, NFC and USB.
PIN method: the user has to enter a PIN in the web interface provided by the AP (Access Point). This PIN usually comes printed on a label on the AP / router itself.
PBC method: the devices are linked by pressing a button (physical or virtual, i.e. software) on both the AP / router and the device you wish to connect to the wireless network. The AP usually has a timeout (timer) that starts when the button is pressed, during which you can connect via WPS.
The researcher Stefan Viehböck has detected a vulnerability in the authentication process that allows an attacker to reduce the number of attempts needed in a brute-force attack to discover the PIN / password that gives access to the network through the AP using the WPS protocol.
The attack is possible because the WPS protocol does not implement any way of limiting the number of attempts. Furthermore, the detected vulnerability reduces the time required to perform this type of attack to an interval of 4 to 10 hours.
For the techies, I will say that the vulnerability has been detected in the EAP-NACK messages that the "Registrar" (AP) sends to the client and / or device (Enrollee) concerning the first and second halves of the PIN when initiating authentication by external PIN code.
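To judge how much an attempt limit on the AP helps, the following added example (not code from the article or from the tools it mentions) computes the worst-case time to exhaust the PIN space once the two halves are confirmed separately, under several lockout policies. It assumes the publicly documented WPS PIN layout (8 digits, the last one a checksum); the per-attempt time and the lockout values are constructed for illustration.

```python
# Added example; names, timings and policies below are assumptions, not from the article.
# Assumed PIN layout: 8 digits, digit 8 is a checksum of digits 1-7,
# and the AP confirms digits 1-4 and digits 5-8 in separate steps.

def wps_checksum(body7: int) -> int:
    """Checksum digit for the first seven digits (weights 3,1,3,1,... from the right)."""
    accum = 0
    while body7:
        accum += 3 * (body7 % 10)
        body7 //= 10
        accum += body7 % 10
        body7 //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and its last digit matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])

def worst_case_attempts(halves_confirmed_separately: bool) -> int:
    # The checksum fixes digit 8, so only 7 digits are free in either case.
    if halves_confirmed_separately:
        return 10**4 + 10**3   # digits 1-4 first, then digits 5-7
    return 10**7               # single pass/fail answer for the whole PIN

def worst_case_hours(attempts: int, secs_per_attempt: float,
                     lock_after: int = 0, lock_secs: int = 0) -> float:
    """Hours to try every candidate; lock_after=0 models an AP with no attempt limit."""
    total = attempts * secs_per_attempt
    if lock_after:
        # In the worst case every attempt but the last fails; each full
        # batch of lock_after failures costs one lockout period.
        total += ((attempts - 1) // lock_after) * lock_secs
    return total / 3600

# Constructed policies: (label, failures before lock, lock duration in seconds)
POLICIES = [("no limit", 0, 0), ("3 fails -> 60 s", 3, 60), ("5 fails -> 1 h", 5, 3600)]

def report(secs_per_attempt: float = 1.3):
    """Worst-case hours per policy for the split-half case."""
    n = worst_case_attempts(True)
    return [(label, round(worst_case_hours(n, secs_per_attempt, after, secs), 1))
            for label, after, secs in POLICIES]

if __name__ == "__main__":
    for label, hours in report():
        print(f"{label:18} {hours:>8} h")
```

With the constructed 1.3 s and 3.3 s per attempt and no limit, the result brackets the 4 to 10 hour interval quoted above; a lockout of one hour after five failures pushes the worst case to roughly three months.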
The tool is at version 1.2 and is available on Google Code as reaver-wps. Furthermore, the discoverer of the vulnerability has posted on his blog a Python script as a proof of concept (PoC), which can be downloaded here. More information on the use and installation of the tools is in the link below.
If you want to test with the Orange Livebox 2, you must log in to the router management interface (type http://192.168.1.1 in a web browser) and access the wireless network configuration, as shown in the following image:
Some manufacturers, such as BELKIN, have made available to users a short tutorial to disable WPS on their devices:
Open a web browser.
Enter the IP address of the router. Default example: http://192.168.1.1
Enter the username and password.
Open the Wireless menu and, within it, the WPS option. (This can vary from model to model.)
Change the status from "enabled" to "disabled".
Apply the changes and restart the router.
Hello, first and foremost I congratulate you on this great article, and second, I have a little doubt regarding attacks exploiting the vulner