An attack can break into some common Wi-Fi routers, via a configuration feature in setting up the WPS.
This attack exploits weak randomization of the router in a key used to authenticate hardware PINs on some implementations of WPS, allowing anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than attempting to brute-force guess the numerical password.
The previous attacks require up to 11,000 guesse and approximately four hours to find the correct PIN to access the router's WPS functionality, also the Reaver tool from Backtrack is dead as the router locks itself in an online attack. But the new attack only requires a single guess and a series of offline calculations, according to Dominique Bongard, reverse engineer and founder of 0xcite, a Swiss security firm as he says "It takes one second," "It's nothing. Bang. Done."
 |
| A different Attack on Wifi via BackTrack 5 (click to zoom) |
Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.
The attack was originally demonstrated at the Black Hat security conference in early August, on the previous work published by Stefan Viehböck in late 2011. Viehböck found a number of design flaws in Wi-Fi Protected Setup, but most significantly, he found that the PIN needed to complete the setup of a wireless router could be broken into smaller parts and each part attacked separately. By breaking down the key, the number of attempts an attacker would have to try before finding the key shrunk from an untenable 100 million down to a paltry 11,000, which is a significant flaw for any access-control technology.
We hope this flaw will be corrected soon!
Source
No comments:
Post a Comment