SoylentNews is people

posted by LaminatorX on Monday September 01 2014, @06:19AM
from the WIthout-FIdelity dept.

A researcher has refined an attack on wireless routers with poorly implemented versions of the Wi-Fi Protected Setup that allows someone to quickly gain access to a router's network:

The attack exploits weak randomization, or the lack of randomization, in a key used to authenticate hardware PINs on some implementations of Wi-Fi Protected Setup, allowing anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than attempting to brute-force guess the numerical password, the new attack circumvents defenses instituted by companies.

While previous attacks require up to 11,000 guesses—a relatively small number—and approximately four hours to find the correct PIN to access the router's WPS functionality, the new attack only requires a single guess and a series of offline calculations, according to Dominique Bongard, reverse engineer and founder of 0xcite, a Swiss security firm.

"It takes one second," he said. "It's nothing. Bang. Done."

The problem affects the implementations provided by two chipset manufacturers, Broadcom and a second vendor whom Bongard asked not to be named until they have had a chance to remediate the problem. Broadcom did not provide a comment to Ars.

Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.

  • (Score: 2) by frojack on Monday September 01 2014, @06:36AM

    by frojack (1554) on Monday September 01 2014, @06:36AM (#88018) Journal

    I don't turn that option on on any of my wifi routers, home, or office. How hard is it to enter a passphrase?
    You can go here [qrstuff.com] and gen a QR code for any guests to configure their android devices so you never have to tell anyone the password.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by tibman on Monday September 01 2014, @07:47AM

      by tibman (134) Subscriber Badge on Monday September 01 2014, @07:47AM (#88027)

      Pretty neat, haven't seen that before.

      --
      SN won't survive on lurkers alone. Write comments.
    • (Score: 1) by Urlax on Monday September 01 2014, @08:02AM

      by Urlax (3027) on Monday September 01 2014, @08:02AM (#88030)

      my current setup involves moving a .txt to dropbox with the new WPA2 key, open the .txt in the text viewer, update WPA2 key in the router and copy paste.

      this allows me to change keys quite effectively, especially since you can download the file over 3G if you forget one device in the household.

      the advantage of this is that the key length doesn't matter anymore.

      the disadvantage is trusting dropbox. but they don't know my SSID, so it's better than the site you mentioned.

      the best option would be a local/offline script. does anyone know if this exists?
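A local, offline way to do what the comments above discuss, as an added example that is not part of the original thread: it generates a random WPA2 passphrase and builds the `WIFI:` text payload that phone QR scanners understand, without sending the key to any website. The field layout and backslash escaping follow the de facto ZXing convention (an assumption; the thread does not specify a format), and the function names and sample values are hypothetical.

```python
import secrets
import string

# Characters that must be backslash-escaped inside a WIFI: payload field
# (ZXing convention, assumed here).
_SPECIAL = '\\;,":'


def escape_field(value: str) -> str:
    """Backslash-escape the characters that would otherwise end a field."""
    return "".join("\\" + ch if ch in _SPECIAL else ch for ch in value)


def new_passphrase(length: int = 32) -> str:
    """Random WPA2-PSK passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase length must be 8..63 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wifi_qr_payload(ssid: str, passphrase: str, hidden: bool = False) -> str:
    """Build the text to encode in the QR code for a WPA/WPA2 network."""
    if not ssid or len(ssid.encode("utf-8")) > 32:
        raise ValueError("SSID must be 1..32 bytes")
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    payload = f"WIFI:T:WPA;S:{escape_field(ssid)};P:{escape_field(passphrase)};"
    if hidden:
        payload += "H:true;"
    return payload + ";"


if __name__ == "__main__":
    # Constructed sample SSID; the passphrase is freshly generated on each run.
    print(wifi_qr_payload("ExampleNet", new_passphrase()))
```

Feed the returned string to a QR encoder that runs on the same machine (for example the `qrencode` command-line tool), then print the image or show it on screen for guests.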

      • (Score: 0) by Anonymous Coward on Monday September 01 2014, @08:27AM

        by Anonymous Coward on Monday September 01 2014, @08:27AM (#88033)

        > my current setup involves moving a .txt to dropbox with the new WPA2 key

        You put your key in the cloud? Yes, that sounds very secure ...

      • (Score: 0) by Anonymous Coward on Monday September 01 2014, @09:23AM

        by Anonymous Coward on Monday September 01 2014, @09:23AM (#88050)

        > the disadvantage is trusting dropbox. but they don't know my SSID, so its better than the site you mentioned.

        If you used a really generic SSID like "LINKSYS" then even if they did know the SSID it would do them any good.

        • (Score: 2) by GreatAuntAnesthesia on Monday September 01 2014, @10:40AM

          by GreatAuntAnesthesia (3275) on Monday September 01 2014, @10:40AM (#88061) Journal

          If you really want to fuck with their[1] heads, use a password like LINKSYS on a broadcom router. Then set the SSID to "3COM16405".

          [1]whoever "they" are.

    • (Score: 1, Interesting) by Anonymous Coward on Monday September 01 2014, @10:17AM

      by Anonymous Coward on Monday September 01 2014, @10:17AM (#88059)

      > I don't turn that option on on any of my wifi routers, home, or office.

      Part of the original WPS clusterfuck was that on many routers even if you disabled WPS, it actually remained enabled.

      Gotta love the race to the rock bottom...

    • (Score: 0) by Anonymous Coward on Monday September 01 2014, @10:46AM

      by Anonymous Coward on Monday September 01 2014, @10:46AM (#88064)

      > You can go here and gen a QR code for any guests to configure their android devices so you never have to tell anyone the password.

      you're effectively suggesting that people disclose their passwords to that site...

      • (Score: 2) by Nerdfest on Monday September 01 2014, @01:21PM

        by Nerdfest (80) on Monday September 01 2014, @01:21PM (#88081)

        You print it out or show people the picture on your phone or computer. I believe the Android QRCode app is actually capable of doing the same thing as this site as well for those who may be interested.

    • (Score: 2) by digitalaudiorock on Monday September 01 2014, @01:18PM

      by digitalaudiorock (688) on Monday September 01 2014, @01:18PM (#88080) Journal

      > I don't turn that option on on any of my wifi routers, home, or office. How hard is it to enter a passphrase?

      I've always used a strong passphrase myself. The only time it ever became inconvenient was when I bought an HP printer that had only wireless networking, and which did not support any way of entering a passphrase on the unit itself. If you've never run into one of those, you have to install them first as USB in order to configure your wireless...don't even get me started.

  • (Score: 2) by Techwolf on Monday September 01 2014, @03:46PM

    by Techwolf (87) on Monday September 01 2014, @03:46PM (#88111)

    Has a tool been released? Or has a current tool, like reaver/bully been updated?