1 / 10

Brute Force Attack Against Wi-Fi Protected Setup

Reaver is the Linux tool used to implement a Brute Force Attack against Wi-Fi Protected Setup registrar PINs in order to recover WPA/WPA2 passphrases. Brute Force Attack Against Wi-Fi Protected Setup. History.

kris
Download Presentation

Brute Force Attack Against Wi-Fi Protected Setup

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reaver is the Linux tool used to implement a Brute Force Attack against Wi-Fi Protected Setup registrar PINs in order to recover WPA/WPA2 passphrases. Brute Force AttackAgainstWi-Fi Protected Setup

  2. History • Since 2007 the Wi-Fi Alliance provided industry wide setup solutions for home and small business environments. • Allows for typical users with little knowledge of wireless configurations and security settings to configure a new wireless network.

  3. Wi-Fi Protected Setup (WPS) • By default (out-of-the-box) WPS is always active on all devices. • WPS is marketed as being secure, however newly discovered design and implementation flaws allow attackers to gain access. • Allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. • When the user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network.

  4. Push-Button-Connect • User pushes a button on both the Access Point and new wireless device (e.g. printer, PC, NIC)

  5. Personal Identification Number Internal Registrar • User enters WPS PIN of the Wi-Fi adapter into the web interface of the Access Point. External Registrar • User enters WPS PIN of the Access Point into the client device (e.g. PC, laptop)

  6. Reaver Tool • Is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol flaw in the Wi-Fi Protected Setup (WPS). • This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. • Determine an Access Point's PIN and then extract the PSK and give it to the attacker.

  7. Results • An authentication attempt can take between 0.5 and 3 seconds to complete. • Once the PIN of the Access Point has been discovered the Access Point then hands the requesting device the passphrase.

  8. Affected Vendor List (not complete) • Buffalo • ZyXEL • Technicolor • Cisco/Linksys • Netgear • D-Link • Belkin

  9. Mitigation • Disable WPS, however this may not be available on all devices.

  10. References • Tactical network solutions. (2011). Retrieved from http://www.tacnetsol.com/products

More Related