[Nolug] [Fwd: US-CERT Technical Cyber Security Alert TA12-006A -- Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack]

From: Joey Kelly <joey_at_joeykelly.net>
Date: Fri, 06 Jan 2012 20:12:23 -0600
Message-ID: <4F07AA07.6060402@joeykelly.net>

Dunno if you guys had seen this.

--Joey

-------- Original Message --------
Subject: US-CERT Technical Cyber Security Alert TA12-006A -- Wi-Fi
Protected Setup (WPS) Vulnerable to Brute-Force Attack
Date: Fri, 6 Jan 2012 16:17:40 -0500
From: US-CERT Technical Alerts <technical-alerts@us-cert.gov>
Organization: US-CERT - +1 202-205-5266
To: technical-alerts@us-cert.gov

                    National Cyber Alert System

              Technical Cyber Security Alert TA12-006A

Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack

   Original release date: January 06, 2012
   Last revised: --
   Source: US-CERT

Systems Affected

   Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS)
   are affected.

Overview

   Wi-Fi Protected Setup (WPS) provides simplified mechanisms to
   configure secure wireless networks. The external registrar PIN
   exchange mechanism is susceptible to brute force attacks that could
   allow an attacker to gain access to an encrypted Wi-Fi network.

I. Description

   WPS uses a PIN as a shared secret to authenticate an access point
   and a client and provide connection information such as WEP and WPA
   passwords and keys. In the external registrar exchange method, a
   client needs to provide the correct PIN to the access point.

   An attacking client can try to guess the correct PIN. A design
   vulnerability reduces the effective PIN space sufficiently to allow
   practical brute force attacks. Freely available attack tools can
   recover a WPS PIN in 4-10 hours.

   For further details, please see Vulnerability Note VU#723755 and
   further documentation by Stefan Viehbock and Tactical Network
   Solutions.

II. Impact

   An attacker within radio range can brute-force the WPS PIN for a
   vulnerable access point. The attacker can then obtain WEP or WPA
   passwords and likely gain access to the Wi-Fi network. Once on the
   network, the attacker can monitor traffic and mount further
   attacks.

III. Solution

   Update Firmware

   Check your access point vendor's support website for updated
   firmware that addresses this vulnerability. Further information may
   be available in the Vendor Information section of VU#723755 and in
   a Google spreadsheet called WPS Vulnerability Testing.

   Disable WPS

   Depending on the access point, it may be possible to disable WPS.
   Note that some access points may not actually disable WPS when the
   web management interface indicates that WPS is disabled.

IV. References

 * Vulnerability Note VU#723755 -
   <http://www.kb.cert.org/vuls/id/723755>

 * Wi-Fi Protected Setup PIN brute force vulnerability -
   <http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/>

 * Cracking WiFi Protected Setup with Reaver -
   <http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html>

 * WPS Vulnerability Testing -
   <https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA12-006A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA12-006A Feedback VU#723755" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2012 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

  January 06, 2012: Initial release

___________________
Nolug mailing list
nolug@nolug.org
Received on 01/06/12
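
The alert's "Disable WPS" caveat says the web interface may report WPS as disabled while the access point keeps it on. As an added example (not part of the alert or the original post), the Python below parses the tagged parameters of a beacon or probe response and reports whether the access point still advertises the WPS vendor element. It assumes the tagged-parameter bytes were captured from your own access point; the sample byte strings and function names are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor OUI 00:50:F2, OUI type 4 = WPS
ATTR_STATE, ATTR_LOCKED = 0x1044, 0x1057    # WPS State, AP Setup Locked

# Constructed sample tagged parameters (SSID "home" plus one vendor element).
SAMPLE_WPS_ON = bytes.fromhex("0004686f6d65" "dd0e0050f204" "104a000110" "1044000102")
SAMPLE_WPS_LOCKED = bytes.fromhex("0004686f6d65" "dd130050f204" "104a000110" "1044000102" "1057000101")
SAMPLE_NO_WPS = bytes.fromhex("0004686f6d65" "dd050050f20201")  # other vendor element only

def iter_elements(ies: bytes):
    """Yield (element_id, body) pairs; stop quietly on a truncated element."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2 : pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def wps_attributes(ies: bytes):
    """Return {attribute_type: value} from the WPS element, or None if absent."""
    for eid, body in iter_elements(ies):
        if eid == 221 and body[:4] == WPS_OUI_TYPE:   # 221 = vendor-specific element
            attrs, pos, data = {}, 0, body[4:]
            while pos + 4 <= len(data):               # big-endian type/length/value
                atype, alen = struct.unpack_from(">HH", data, pos)
                attrs[atype] = data[pos + 4 : pos + 4 + alen]
                pos += 4 + alen
            return attrs
    return None

def wps_status(ies: bytes) -> str:
    """Summarise what the access point advertises about WPS."""
    attrs = wps_attributes(ies)
    if attrs is None:
        return "not advertised"
    state = (attrs.get(ATTR_STATE) or b"\x00")[0]
    locked = (attrs.get(ATTR_LOCKED) or b"\x00")[0] == 1
    label = {1: "unconfigured", 2: "configured"}.get(state, "unknown state")
    return f"advertised ({label}{', setup locked' if locked else ''})"

if __name__ == "__main__":
    for name in ("SAMPLE_WPS_ON", "SAMPLE_WPS_LOCKED", "SAMPLE_NO_WPS"):
        print(name, "->", wps_status(globals()[name]))
```

If the element is still present after WPS has been switched off in the management interface, treat the setting as not having taken effect and fall back to the firmware update route in the alert.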
