Home and business Wi-Fi networks are vulnerable

03 January 2012

The majority of home computer networks are wireless and configured by non-technical people. Recognizing that this could lead to security weaknesses, the Wi-Fi Alliance developed the Wi-Fi Protected Setup Protocol (WPS) in 2007 to allow easy security configuration; and the majority of wireless router manufacturers have built this into their products as a default.

Now it has been shown to be weak, and is already being exploited. On December 27, Stefan Viehböck announced that he had discovered design flaws in WPS and published a paper called “Brute forcing Wi-Fi Protected Setup”. In essence, these flaws reduce the length of the PIN password and leave it vulnerable to a brute force attack (testing every possible password). He announced that he was working on a script to undertake such an attack.

But the same flaws had been discovered independently by Craig Heffner of Tactical Network Solutions (TNS). TNS had been working on a tool to exploit this weakness for about a year, and decided to release its code as open source on the very next day. It describes its Reaver product as “a WPA attack tool... that exploits a protocol design flaw in WiFi Protected Setup (WPS).”

Viehböck has now completed his proof-of-concept tool, which he claims is faster but which doesn’t work with all WiFi adapters. The problem for home users is that they are likely to have WPS pre-configured and that there is no known way to solve the problem other than by disabling WPS itself – which may well be beyond their technical capability. And there are freely available tools to exploit this vulnerability.

It raises a moral issue. Finding and publishing vulnerabilities is contentious in itself; but developing and publicly releasing what is described as ‘an attack tool’ raises even more eyebrows. The key word is ‘attack’. There is an argument for releasing brute force password cracking tools because they allow system admins to audit the strength of their passwords. No such justification can be used for Reaver.

“TNS unequivocally describes Reaver as an attack tool,” comments David Harley, senior research fellow at ESET, “and it will be of as much interest to prospective attackers as to sysadmins. There are two classic issues with this kind of tool in a corporate context: one is that you have a responsibility not to step over legal or quasi-legal boundaries by misusing access, or even by using the knowledge it may give you to gain unauthorized access. The other is that you don't want its authorized presence on a system to give a real attacker an extra tool. It seems to me that by building in the WPS attack, the tool is actually rendered of questionable use to a conscientious sysadmin, since he can only use it effectively by leaving systems at risk from a potentially broken defensive system.”

Anders Hansson, CTO of Cryptzone, thinks the whole WPS vulnerability is rather academic, since existing password crackers (such as, he says, Elcomsoft’s Wireless Security Auditor) can already break into WPA2-passphrase protected wireless systems in just a couple of hours.

For businesses, he says, “the solution to this issue is that companies should not rely on wireless networks to distribute their networks across and around the office. Hard-wired Ethernet connections, in all their various shapes and forms, are the only truly secure means of connecting to a network resource.”

For the average wireless home user without the technical ability to disable WPS and adequately configure WPA2, it remains a problem.
