Wireless Access

Reply
Moderator

How dangerous is the Reaver WPS attack?

For Aruba customers, the attack isn't dangerous at all.  For home users, there may be some issues. 

 

There has been a lot of press about the new 'Reaver' attack on the WPS protocol.  To determine how dangerous it is you need to know what the WPS protocol does.  The Wi-Fi Protected Setup standard was designed to simplify configuring security on home networks.  It automatically configures the WPA2 PSK without the user having to enter a long string of random numbers, letters and symbols.  The WPS protocol uses a PIN to automatically configure the PSK on the client device.  The cleartext version of the PSK can be accessed once you have the PIN.

 

The Reaver attack is used to crack the WPS PIN that is used to hide the WPA2 PSK.  Once the PIN is hacked the PSK is available in plain text.  The PIN is fairly easy to crack due to the flaw exploited by Reaver.  In theory the 7 digit pin has roughly 10 million possibilities.  Due to the way the pin is verified, it actually only takes about 11,000 attempts.  Reaver exploits that issue and brute forces its way through the 11,000 options.  This means that the PIN can be broken in 1-10 hours depending on the computer and the AP.  Home networks that enable WPS will be hackable in 1-10 hours regardless of the length or complexity of the PSK.

 

The workaround is to disable the WPS feature on the router so that the PIN is not available and the Reaver tool has nothing to attack.

 

Aruba APs/Controllers do not implement Wi-Fi protected setup.  There are no PINs to attack to get the PSK. 

 

It is important to note that WPA2 PSKs are vulnerable to brute force attacks.  PSKs can be attacked directly without using the WPS PIN.  The WPS PIN is simply much faster to crack than the WPA2 PSKs.  The vulnerablilities to the PSK have been known for over 3 years and there are multiple tutorials on the internet.   That is why it is recommended to use 802.1x whenever possible. 

 

If a PSK must be used, the password should be at least 16 characters long, preferably 32, and include a mix of letters, numbers and symbols.  Longer passwords are highly recommended given the rise of cloud computing and retasking of video cards.  Cloud computing services make large amounts of computing power relatively inexpensive so that quickly brute forcing a weak PSK isn't too onerous.  The highly parrallelizable nature of modern video cards has also been exploited to speed up the cracking of PSKs. 

Guest Blogger

Re: How dangerous is the Reaver WPS attack?

Great post. If your readers would like more information, our new "No Strings Attached Show" Wi-Fi podcast recently spend an episode talking through this very subject with a few experts.

 

http://nostringsattachedshow.com/2012/01/08/e02-wi-fi-protected-setup-battered-or-broken/

 

Thanks,

Andrew vonNagy

Community Manager

Re: How dangerous is the Reaver WPS attack?

Another blog post on the topic with a video on how to:

http://www.paranoidtechnology.com/?p=98

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: