Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
ikeinthaiOffline
Post subject: most newer wifi routers now very vulnerable by default.  PostPosted: 22.01.2012, 09:05



Joined: 2010-09-22
Posts: 119
Location: bigannastybkk
Status: Offline
there's a glaring weakness in Wifi Protected Setup (wps) that most newer wifi routers have enabled by default. it makes them very susceptible to having the wpa/wpa2 passphrase stolen, and security completely compromised.

http://sviehb.wordpress.com/2011/12/27/ ... erability/

http://www.kb.cert.org/vuls/id/723755

making sure the WPS is turned off when possible seems to be the only defense.

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

the website where they give away one of the tools for this attack claims that two to five hours is long enough to defeat most routers.

http://code.google.com/p/reaver-wps/

this is not an aptosid problem... just a big problem, so moderators feel free to move me 8D

_________________
aptosid: magic in action, the point of the spear. bleedin pearls before swine? lets hope not. freesoftware/freedomsoftware=a chance at freedom. participants, engage your vehicle. . . avatar by zenren
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
DonKultOffline
Post subject: Re: most newer wifi routers now very vulnerable by default.  PostPosted: 22.01.2012, 13:50
Team Member


Joined: 2010-09-02
Posts: 482

Status: Offline
      ikeinthai wrote:
the website where they give away one of the tools for this attack claims that two to five hours is long enough to defeat most routers.

http://code.google.com/p/reaver-wps/


The software might be soon in debian. It's in NEW for 2 weeks already…


The story is a bit dated already, in general, not all routers with WPS are effected - many just crash. Wink Beside, a lot of people still have WEP or WPA activated, both are broken - especially WEP in a few minutes (if the attacker has the right wlancard).

_________________
MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
DeepDayzeOffline
Post subject: RE: Re: most newer wifi routers now very vulnerable by defau  PostPosted: 22.01.2012, 20:50



Joined: 2010-09-11
Posts: 616
Location: USA
Status: Offline
I do not use WPS my default on my routers (Linksys, NetGear/Westell) so this bug may not bite me yet

SO hopefully there will be firmware updates from the major makers to fix this situation
 
 View user's profile Send private message  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT - 12 Hours
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Powered by Zafenio