SlideShare une entreprise Scribd logo

Brute forcing Wi-Fi Protected Setup

S
Scientia Groups
Technologie
1  sur  9
Télécharger pour lire hors ligne
Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. 26.12.2011 Stefan Viehböck Version 3 https://twitter.com/sviehb http://sviehb.wordpress.com/
Introduction “Wi-Fi Protected Setup™ is an optional certification program from the Wi-Fi Alliance that is designed to ease the task of setting up and configuring security on wireless local area networks. Introduced by the Wi-Fi Alliance in early 2007, the program provides an industry-wide set of network setup solutions for homes and small office (SOHO) environments. Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. More than 200 products have been Wi-Fi CERTIFIED™ for Wi-Fi Protected Setup 1 since the program was launced (sic!) in January 2007.” The Wi-Fi Simple Configuration Specification (WSC) is the underlying technology for the Wi-Fi Protected Setup certification. Almost all major vendors (including Cisco/Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL and Technicolor) have WPS-certified devices, other vendors (eg. TP-Link) ship devices with WPS-support which are not WPS-certified. WPS is activated by default on all devices I had access to. Although WPS is marketed as being a secure way of configuring a wireless device, there are design and implementation flaws which enable an attacker to gain access to an otherwise sufficiently secured wireless network. Configuration Options Overview WPS supports out-of-band configuration over Ethernet/UPnP (also NFC is mentioned in the specification) or in-band configuration over IEEE 802.11/EAP. Only in-band configuration will be covered in this paper. Terminology2  The enrollee is a new device that does not have the settings for the wireless network.  The registrar provides wireless settings to the enrollee.  The access point provides normal wireless network hosting and also proxies messages between the enrollee and the registrar. 1 http://www.wi-fi.org/wifi-protected-setup/ 2 http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN- Netspec.doc Page 2 of 9
Push-Button-Connect (“PBC”) The user has to push a button, either an actual or virtual one, on both the Access Point and the new wireless client device. PBC on the AP will only be active until authentication has succeeded or timeout after two minutes. 3 This Option is called wps_pbc in wpa_cli (text-based frontend program for interacting with wpa_supplicant). Firgure 1: activated “virtual Push Button” (Windows acts Figure 2: Description of PBC option (Linksys WRT320N as enrollee) (Windows 7) User Manual) PIN Internal Registrar The user has to enter the PIN of the Wi-Fi adapter into the web interface of the access point. The PIN can either be printed on the label of the adapter or generated by software. This option is called wps_pin in wpa_cli. Figure 4: PIN field – Router is Registrar (Linksys WRT320N Web Interface) Figure 3: Description of PIN internal Registrar option (Linksys WRT320N User Manual) 3 http://hostap.epitest.fi/wpa_supplicant/ Page 3 of 9
External Registrar The user has to enter the PIN of the access point into a form on the client device (eg. computer). This option is called wps_reg in wpa_cli. Figure 5: Description of PIN external Registrar option (Linksys WRT320N User Manual) Figure 6: Windows Connect Now Wizard acting as a Registrar (Windows 7) Figure 7: Label with WPS PIN on the back of a D-Link router Design Flaw #1 Option / Authentication Physical Access Web Interface PIN Push-button-connect X PIN – Internal Registrar X PIN – External Registrar X WPS Options and which kind of authentication they actually use. As the External Registrar option does not require any kind of authentication apart from providing the PIN, it is potentially vulnerable to brute force attacks. Page 4 of 9
Authentication (PIN – External Registrar)4 IEEE 802.11 Supplicant → AP Authentication Request 802.11 Authentication Supplicant ← AP Authentication Response Supplicant → AP Association Request 802.11 Association Supplicant ← AP Association Response IEEE 802.11/EAP Supplicant → AP EAPOL-Start Supplicant ← AP EAP-Request Identity EAP Initiation Supplicant → AP EAP-Response Identity (Identity: “WFA-SimpleConfig-Registrar-1-0”) IEEE 802.11/EAP Expanded Type, Vendor ID: WFA (0x372A), Vendor Type: SimpleConfig (0x01) M1 Enrollee → Registrar N1 || Description || PKE Diffie-Hellman Key Exchange M2 Enrollee ← Registrar N1 || N2 || Description || PKR || Authenticator M3 Enrollee → Registrar N2 || E-Hash1 || E-Hash2 || Authenticator M4 Enrollee ← Registrar N1 || R-Hash1 || R-Hash2 || EKeyWrapKey(R-S1) || proove posession of 1st half of PIN Authenticator M5 Enrollee → Registrar N2 || EKeyWrapKey(E-S1) || Authenticator proove posession of 1st half of PIN M6 Enrollee ← Registrar N1 || EKeyWrapKey(R-S2) || Authenticator proove posession of 2nd half of PIN M7 Enrollee → Registrar N2 || EKeyWrapKey(E-S2 ||ConfigData) || Authenticator proove posession of 2nd half of PIN, send AP configuration M8 Enrollee ← Registrar N1 || EKeyWrapKey(ConfigData) || Authenticator set AP configuration st Enrollee = AP PSK1 = first 128 bits of HMACAuthKey(1 half of PIN) nd Registrar = Supplicant = Client/Attacker PSK2 = first 128 bits of HMACAuthKey(2 half of PIN) PKE = Diffie-Hellman Public Key Enrollee E-S1 = 128 random bits PKR = Diffie-Hellman Public Key Registrar E-S2 = 128 random bits Authkey and KeyWrapKey are derived from the Diffie- E-Hash1 = HMACAuthKey(E-S1 || PSK1 || PKE || PKR) Hellman shared key. E-Hash2 = HMACAuthKey(E-S2 || PSK2 || PKE || PKR) Authenticator = HMACAuthkey(last message || current R-S1 = 128 random bits message) R-S2 = 128 random bits R-Hash1 = HMACAuthKey(R-S1 || PSK1 || PKE || PKR) EKeyWrapKey = Stuff encrypted with KeyWrapKey (AES- R-Hash2 = HMACAuthKey(R-S2 || PSK2 || PKE || PKR) CBC) 1 2 3 4 5 6 7 0 st checksum 1 half of nd PIN 2 half of PIN If the WPS-authentication fails at some point, the AP will send an EAP-NACK message. 4 based on http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a- b18336565f5b/WCN-Netspec.doc Page 5 of 9
Design flaw #2 An attacker can derive information about the correctness of parts the PIN from the AP´s responses. st  If the attacker receives an EAP-NACK message after sending M4, he knows that the 1 half of the PIN was incorrect. nd  If the attacker receives an EAP-NACK message after sending M6, he knows that the 2 half of the PIN was incorrect. This form of authentication dramatically decreases the maximum possible authentication attempts 8 4 4 needed from 10 (=100.000.000) to 10 + 10 (=20.000). th 4 As the 8 digit of the PIN is always a checksum of digit one to digit seven, there are at most 10 + 3 10 (=11.000) attempts needed to find the correct PIN. Brute Force Methodology Figure 8: Flowchart showing how an optimized brute force attack works Page 6 of 9
Brute Force Implementation 5 A proof-of-concept brute force tool was implemented in Python. It uses the Scapy Library for decoding, generating, sending and receiving packets. This tool was used on several routers made by different vendors. Sample output sniffer started trying 00000000 attempt took 0.95 seconds trying 00010009 attempt took 1.28 seconds trying 00020008 attempt took 1.03 seconds <snip> trying 18660005 attempt took 1.08 seconds trying 18670004 # found 1st half of PIN attempt took 1.09 seconds trying 18670011 attempt took 1.08 seconds trying 18670028 attempt took 1.17 seconds trying 18670035 attempt took 1.12 seconds <snip> trying 18674071 attempt took 1.15 seconds trying 18674088 attempt took 1.11 seconds trying 18674095 # found 2nd half of PIN E-S2: 0000 16 F6 82 CA A8 24 7E 98 85 4C BD A6 BE D9 14 50 .....$~..L.....P SSID: 0000 74 70 2D 74 65 73 74 tp-test MAC: 0000 F4 EC 38 CF AC 2C ..8.., Auth Type: 0000 00 20 . Encryption Type: 0000 00 08 .. Network Key: 0000 72 65 61 6C 6C 79 5F 72 65 61 6C 6C 79 5F 6C 6F really_really_lo 0010 6E 67 5F 77 70 61 5F 70 61 73 73 70 68 72 61 73 ng_wpa_passphras 0020 65 5F 67 6F 6F 64 5F 6C 75 63 6B 5F 63 72 61 63 e_good_luck_crac 0030 6B 69 6E 67 5F 74 68 69 73 5F 6F 6E 65 king_this_one Key Wrap Algorithm: 0000 76 3C 7A 87 0A 7D F7 E5 v<z..}.. 5 http://www.secdev.org/projects/scapy/ Page 7 of 9
Results Authentication attempt duration One authentication attempt usually took between 0.5 and 3 seconds to complete. It was observed that the calculation of the Diffie-Hellman Shared Key (needs to be done before generating M3) on the AP took a big part of the authentication time. This can be speeded up by choosing a very small DH Secret Number, thus generating a very small DH Public Key and making Shared Key calculation on the AP’s side easier. Implementation Flaws Some vendors did not implement any kind of blocking mechanism to prevent brute force attacks. This allows an attacker to try all possible PIN combinations in less than four hours (at 1.3 seconds/attempt). On average an attack will succeed in half the time. The Netgear device has lock down functionality implemented, but the lock down phases are not long enough to make an attack impractical. In this case an attack will on average succeed in less than a day (timing data can be found on the next page). WPS- Vendor Device Name HW-Version FW-Version Lock down certified D-Link DIR-655 A4 (Web Interface) 1.35 No Yes A5 (Label) 6 Linksys WRT320 1.0 1.0.04 ? Yes Netgear WGR614v10 ? 1.0.2.26 Yes Yes TP-Link TL-WR1043ND 1.8 V1_110429 No No Firmware versions are up-to-date as of 18.10.2011. In rare cases devices started to send malformed messages or their web interface and routing did not work properly anymore. A reboot was needed to solve the problem. This might be evidence of some kind of corruption, but was not investigated further. 6 WPS-functionality always stopped to work somewhere between 2 and 150 failed authentication attempts. The functionality did not even return after several hours. I would consider this a bug in the firmware which causes a DoS rather than lock-down functionality. Page 8 of 9
Mitigations End users Deactivate WPS. This may not always be possible. Vendors Introduce sufficiently long lock-down periods in order to make an attack impractical. Of course this requires a new firmware release. Attempts Lock Attempts Maximum Maximum Comment before down per attack time attack time lock time minute down 11000 0 minutes 46.15 3.97 hours 0.17 days no lock down 7 ? 4.20 43,65 hours 1,82 days Netgear WGR614v10 3 1 minutes 2.82 65.08 hours 2.71 days Requirement for WSC 2.0 8 15 60 minutes 0.25 hours hours 737.31 30.72 days certification? Lock down configurations making 10 60 minutes 0.17 1103.97 46.00 days brute force less practical 5 60 minutes 0.08 hours 2203.97 91.83 days Assumed time per attempt: 1.3 seconds hours Considering that an AP typically runs for several months, a determined attacker might still be able to successfully attack a WPS-enabled AP. This attack is low-cost and has a high success guarantee compared to cracking WPA/WPA2-PSK. Conclusion As nearly all major router/AP vendors have WPS-certified devices and WPS – PIN (External Registrar) is mandatory for certification, it is expected that a lot of devices are vulnerable to this kind of attack. Having a sufficiently long lock-down period is most likely not a requirement for certification. 8 However it might be a requirement in the (new) WSC Specification Version 2 . I contacted the Wi-Fi Alliance about this – they have yet to respond. Collaboration with vendors will be necessary for identifying all vulnerable devices. It is up to the vendors to implement mitigations and release new firmware. Affected end-users will have to be informed about this vulnerability and advised to disable WPS or update their firmware to a more secure version (if available). 7 No consistent lock down pattern was found. However on average about 4.20 authentication attempts per minute were possible. 8 http://www.wi-fi.org/files/20110421_China_Symposia_full_merge.pdf Page 9 of 9

Recommandé

Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup0xcite
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacksn|u - The Open Security Community
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networksSahil Rai
 
Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI HackingSuraj Bohara
 

Recommandé

Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup0xcite
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacksn|u - The Open Security Community
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networksSahil Rai
 
Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
How to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngHow to hack wireless internet connections using aircrack-ng
How to hack wireless internet connections using aircrack-ngOpen Knowledge Nepal
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI HackingSuraj Bohara
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hackingHarshit Varshney
 
Wireless security
Wireless securityWireless security
Wireless securityAurobindo Nayak
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linuxHelder Oliveira
 
WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detectionWiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detectionDiogo Mónica
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015CODE BLUE
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless networkSyed Ubaid Ali Jafri
 
Wpa3
Wpa3Wpa3
Wpa3Bhavya Dashora
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Attack presentation
Attack presentationAttack presentation
Attack presentationFrikha Nour
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)Michael Boman
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyNapier University
 
Bluetooth Security
Bluetooth SecurityBluetooth Security
Bluetooth SecurityNikhil Raj
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lectureMartyn Price
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityAyoma Wijethunga
 
Wps pixie dust attack
Wps pixie dust attackWps pixie dust attack
Wps pixie dust attackinvad3rsam
 
Ng sec 2016
Ng sec 2016Ng sec 2016
Ng sec 2016Rameshwar Nigam
 

Contenu connexe

Tendances

A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linuxHelder Oliveira
 
WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detectionWiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detectionDiogo Mónica
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015CODE BLUE
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?Tom Isaacson
 
Attack presentation
Attack presentationAttack presentation
Attack presentationFrikha Nour
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)Michael Boman
 
Bluetooth Security
Bluetooth SecurityBluetooth Security
Bluetooth SecurityNikhil Raj
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lectureMartyn Price
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityAyoma Wijethunga
 

Tendances (20)

Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
Wireless security
Wireless securityWireless security
Wireless security
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
 
WiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detectionWiFiHop - mitigating the Evil twin attack through multi-hop detection
WiFiHop - mitigating the Evil twin attack through multi-hop detection
 
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
Wpa3
Wpa3Wpa3
Wpa3
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
Attack presentation
Attack presentationAttack presentation
Attack presentation
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Bluetooth Security
Bluetooth SecurityBluetooth Security
Bluetooth Security
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
 

Similaire à Brute forcing Wi-Fi Protected Setup

Wps pixie dust attack
Wps pixie dust attackWps pixie dust attack
Wps pixie dust attackinvad3rsam
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlWarren Bent
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Warren Bent
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
Smart Cards & Devices Forum 2013 - Wi-fi protected setup
Smart Cards & Devices Forum 2013 - Wi-fi protected setupSmart Cards & Devices Forum 2013 - Wi-fi protected setup
Smart Cards & Devices Forum 2013 - Wi-fi protected setupOKsystem
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationAxis Communications
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesCisco Mobility
 
802 11 3
802 11 3802 11 3
802 11 3rphelps
 
Attacking backup softwares
Attacking backup softwaresAttacking backup softwares
Attacking backup softwaresNibin Varghese
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matterDESMOND YUEN
 
RINA essentials, PISA Internet Festival 2015
RINA essentials, PISA Internet Festival 2015RINA essentials, PISA Internet Festival 2015
RINA essentials, PISA Internet Festival 2015ICT PRISTINE
 
Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Giorgio Bernardi
 

Similaire à Brute forcing Wi-Fi Protected Setup (20)

Wps pixie dust attack
Wps pixie dust attackWps pixie dust attack
Wps pixie dust attack
 
Ng sec 2016
Ng sec 2016Ng sec 2016
Ng sec 2016
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call Control
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Smart Cards & Devices Forum 2013 - Wi-fi protected setup
Smart Cards & Devices Forum 2013 - Wi-fi protected setupSmart Cards & Devices Forum 2013 - Wi-fi protected setup
Smart Cards & Devices Forum 2013 - Wi-fi protected setup
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ Implementation
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
 
WPA2
WPA2WPA2
WPA2
 
609 618
609 618609 618
609 618
 
802 11 3
802 11 3802 11 3
802 11 3
 
Attacking backup softwares
Attacking backup softwaresAttacking backup softwares
Attacking backup softwares
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matter
 
RINA essentials, PISA Internet Festival 2015
RINA essentials, PISA Internet Festival 2015RINA essentials, PISA Internet Festival 2015
RINA essentials, PISA Internet Festival 2015
 
Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
 

Plus de Scientia Groups

System Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise AutomationSystem Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise AutomationScientia Groups
 
System Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT AutomationSystem Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT AutomationScientia Groups
 
System Center Endpoint Protection
System Center Endpoint ProtectionSystem Center Endpoint Protection
System Center Endpoint ProtectionScientia Groups
 
NIST Definition of Cloud Computing
NIST Definition of Cloud ComputingNIST Definition of Cloud Computing
NIST Definition of Cloud ComputingScientia Groups
 
Delivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefiDelivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefiScientia Groups
 
NSA Best Practices Datasheets
NSA Best Practices DatasheetsNSA Best Practices Datasheets
NSA Best Practices DatasheetsScientia Groups
 
Cybercriminals target online banking
Cybercriminals target online bankingCybercriminals target online banking
Cybercriminals target online bankingScientia Groups
 
Partners Guide - System Center
Partners Guide - System CenterPartners Guide - System Center
Partners Guide - System CenterScientia Groups
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudScientia Groups
 
2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating Deck2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating DeckScientia Groups
 
Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10Scientia Groups
 

Plus de Scientia Groups (14)

System Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise AutomationSystem Center 2012 R2 - Enterprise Automation
System Center 2012 R2 - Enterprise Automation
 
System Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT AutomationSystem Center 2012 Orchestrator R2 - Enterprise IT Automation
System Center 2012 Orchestrator R2 - Enterprise IT Automation
 
System Center Endpoint Protection
System Center Endpoint ProtectionSystem Center Endpoint Protection
System Center Endpoint Protection
 
NIST Definition of Cloud Computing
NIST Definition of Cloud ComputingNIST Definition of Cloud Computing
NIST Definition of Cloud Computing
 
Delivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefiDelivering a secure and fast boot experience with uefi
Delivering a secure and fast boot experience with uefi
 
NSA Best Practices Datasheets
NSA Best Practices DatasheetsNSA Best Practices Datasheets
NSA Best Practices Datasheets
 
Zeus and Antivirus
Zeus and AntivirusZeus and Antivirus
Zeus and Antivirus
 
Cybercriminals target online banking
Cybercriminals target online bankingCybercriminals target online banking
Cybercriminals target online banking
 
Dgmdv 1
Dgmdv 1Dgmdv 1
Dgmdv 1
 
Partners Guide - System Center
Partners Guide - System CenterPartners Guide - System Center
Partners Guide - System Center
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the Cloud
 
CISO Survey Report 2010
CISO Survey Report 2010CISO Survey Report 2010
CISO Survey Report 2010
 
2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating Deck2010 1 22 Partner Marketing Call Welcome Rotating Deck
2010 1 22 Partner Marketing Call Welcome Rotating Deck
 
Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10Quarterly Marketing Call Presentation 1 22 10
Quarterly Marketing Call Presentation 1 22 10
 

Dernier

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Dernier (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Brute forcing Wi-Fi Protected Setup

  • 1. Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. 26.12.2011 Stefan Viehböck Version 3 https://twitter.com/sviehb http://sviehb.wordpress.com/
  • 2. Introduction “Wi-Fi Protected Setup™ is an optional certification program from the Wi-Fi Alliance that is designed to ease the task of setting up and configuring security on wireless local area networks. Introduced by the Wi-Fi Alliance in early 2007, the program provides an industry-wide set of network setup solutions for homes and small office (SOHO) environments. Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. More than 200 products have been Wi-Fi CERTIFIED™ for Wi-Fi Protected Setup 1 since the program was launced (sic!) in January 2007.” The Wi-Fi Simple Configuration Specification (WSC) is the underlying technology for the Wi-Fi Protected Setup certification. Almost all major vendors (including Cisco/Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL and Technicolor) have WPS-certified devices, other vendors (eg. TP-Link) ship devices with WPS-support which are not WPS-certified. WPS is activated by default on all devices I had access to. Although WPS is marketed as being a secure way of configuring a wireless device, there are design and implementation flaws which enable an attacker to gain access to an otherwise sufficiently secured wireless network. Configuration Options Overview WPS supports out-of-band configuration over Ethernet/UPnP (also NFC is mentioned in the specification) or in-band configuration over IEEE 802.11/EAP. Only in-band configuration will be covered in this paper. Terminology2  The enrollee is a new device that does not have the settings for the wireless network.  The registrar provides wireless settings to the enrollee.  The access point provides normal wireless network hosting and also proxies messages between the enrollee and the registrar. 1 http://www.wi-fi.org/wifi-protected-setup/ 2 http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN- Netspec.doc Page 2 of 9
  • 3. Push-Button-Connect (“PBC”) The user has to push a button, either an actual or virtual one, on both the Access Point and the new wireless client device. PBC on the AP will only be active until authentication has succeeded or timeout after two minutes. 3 This Option is called wps_pbc in wpa_cli (text-based frontend program for interacting with wpa_supplicant). Firgure 1: activated “virtual Push Button” (Windows acts Figure 2: Description of PBC option (Linksys WRT320N as enrollee) (Windows 7) User Manual) PIN Internal Registrar The user has to enter the PIN of the Wi-Fi adapter into the web interface of the access point. The PIN can either be printed on the label of the adapter or generated by software. This option is called wps_pin in wpa_cli. Figure 4: PIN field – Router is Registrar (Linksys WRT320N Web Interface) Figure 3: Description of PIN internal Registrar option (Linksys WRT320N User Manual) 3 http://hostap.epitest.fi/wpa_supplicant/ Page 3 of 9
  • 4. External Registrar The user has to enter the PIN of the access point into a form on the client device (eg. computer). This option is called wps_reg in wpa_cli. Figure 5: Description of PIN external Registrar option (Linksys WRT320N User Manual) Figure 6: Windows Connect Now Wizard acting as a Registrar (Windows 7) Figure 7: Label with WPS PIN on the back of a D-Link router Design Flaw #1 Option / Authentication Physical Access Web Interface PIN Push-button-connect X PIN – Internal Registrar X PIN – External Registrar X WPS Options and which kind of authentication they actually use. As the External Registrar option does not require any kind of authentication apart from providing the PIN, it is potentially vulnerable to brute force attacks. Page 4 of 9
  • 5. Authentication (PIN – External Registrar)4 IEEE 802.11 Supplicant → AP Authentication Request 802.11 Authentication Supplicant ← AP Authentication Response Supplicant → AP Association Request 802.11 Association Supplicant ← AP Association Response IEEE 802.11/EAP Supplicant → AP EAPOL-Start Supplicant ← AP EAP-Request Identity EAP Initiation Supplicant → AP EAP-Response Identity (Identity: “WFA-SimpleConfig-Registrar-1-0”) IEEE 802.11/EAP Expanded Type, Vendor ID: WFA (0x372A), Vendor Type: SimpleConfig (0x01) M1 Enrollee → Registrar N1 || Description || PKE Diffie-Hellman Key Exchange M2 Enrollee ← Registrar N1 || N2 || Description || PKR || Authenticator M3 Enrollee → Registrar N2 || E-Hash1 || E-Hash2 || Authenticator M4 Enrollee ← Registrar N1 || R-Hash1 || R-Hash2 || EKeyWrapKey(R-S1) || proove posession of 1st half of PIN Authenticator M5 Enrollee → Registrar N2 || EKeyWrapKey(E-S1) || Authenticator proove posession of 1st half of PIN M6 Enrollee ← Registrar N1 || EKeyWrapKey(R-S2) || Authenticator proove posession of 2nd half of PIN M7 Enrollee → Registrar N2 || EKeyWrapKey(E-S2 ||ConfigData) || Authenticator proove posession of 2nd half of PIN, send AP configuration M8 Enrollee ← Registrar N1 || EKeyWrapKey(ConfigData) || Authenticator set AP configuration st Enrollee = AP PSK1 = first 128 bits of HMACAuthKey(1 half of PIN) nd Registrar = Supplicant = Client/Attacker PSK2 = first 128 bits of HMACAuthKey(2 half of PIN) PKE = Diffie-Hellman Public Key Enrollee E-S1 = 128 random bits PKR = Diffie-Hellman Public Key Registrar E-S2 = 128 random bits Authkey and KeyWrapKey are derived from the Diffie- E-Hash1 = HMACAuthKey(E-S1 || PSK1 || PKE || PKR) Hellman shared key. E-Hash2 = HMACAuthKey(E-S2 || PSK2 || PKE || PKR) Authenticator = HMACAuthkey(last message || current R-S1 = 128 random bits message) R-S2 = 128 random bits R-Hash1 = HMACAuthKey(R-S1 || PSK1 || PKE || PKR) EKeyWrapKey = Stuff encrypted with KeyWrapKey (AES- R-Hash2 = HMACAuthKey(R-S2 || PSK2 || PKE || PKR) CBC) 1 2 3 4 5 6 7 0 st checksum 1 half of nd PIN 2 half of PIN If the WPS-authentication fails at some point, the AP will send an EAP-NACK message. 4 based on http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a- b18336565f5b/WCN-Netspec.doc Page 5 of 9
  • 6. Design flaw #2 An attacker can derive information about the correctness of parts the PIN from the AP´s responses. st  If the attacker receives an EAP-NACK message after sending M4, he knows that the 1 half of the PIN was incorrect. nd  If the attacker receives an EAP-NACK message after sending M6, he knows that the 2 half of the PIN was incorrect. This form of authentication dramatically decreases the maximum possible authentication attempts 8 4 4 needed from 10 (=100.000.000) to 10 + 10 (=20.000). th 4 As the 8 digit of the PIN is always a checksum of digit one to digit seven, there are at most 10 + 3 10 (=11.000) attempts needed to find the correct PIN. Brute Force Methodology Figure 8: Flowchart showing how an optimized brute force attack works Page 6 of 9
  • 7. Brute Force Implementation 5 A proof-of-concept brute force tool was implemented in Python. It uses the Scapy Library for decoding, generating, sending and receiving packets. This tool was used on several routers made by different vendors. Sample output sniffer started trying 00000000 attempt took 0.95 seconds trying 00010009 attempt took 1.28 seconds trying 00020008 attempt took 1.03 seconds <snip> trying 18660005 attempt took 1.08 seconds trying 18670004 # found 1st half of PIN attempt took 1.09 seconds trying 18670011 attempt took 1.08 seconds trying 18670028 attempt took 1.17 seconds trying 18670035 attempt took 1.12 seconds <snip> trying 18674071 attempt took 1.15 seconds trying 18674088 attempt took 1.11 seconds trying 18674095 # found 2nd half of PIN E-S2: 0000 16 F6 82 CA A8 24 7E 98 85 4C BD A6 BE D9 14 50 .....$~..L.....P SSID: 0000 74 70 2D 74 65 73 74 tp-test MAC: 0000 F4 EC 38 CF AC 2C ..8.., Auth Type: 0000 00 20 . Encryption Type: 0000 00 08 .. Network Key: 0000 72 65 61 6C 6C 79 5F 72 65 61 6C 6C 79 5F 6C 6F really_really_lo 0010 6E 67 5F 77 70 61 5F 70 61 73 73 70 68 72 61 73 ng_wpa_passphras 0020 65 5F 67 6F 6F 64 5F 6C 75 63 6B 5F 63 72 61 63 e_good_luck_crac 0030 6B 69 6E 67 5F 74 68 69 73 5F 6F 6E 65 king_this_one Key Wrap Algorithm: 0000 76 3C 7A 87 0A 7D F7 E5 v<z..}.. 5 http://www.secdev.org/projects/scapy/ Page 7 of 9
  • 8. Results Authentication attempt duration One authentication attempt usually took between 0.5 and 3 seconds to complete. It was observed that the calculation of the Diffie-Hellman Shared Key (needs to be done before generating M3) on the AP took a big part of the authentication time. This can be speeded up by choosing a very small DH Secret Number, thus generating a very small DH Public Key and making Shared Key calculation on the AP’s side easier. Implementation Flaws Some vendors did not implement any kind of blocking mechanism to prevent brute force attacks. This allows an attacker to try all possible PIN combinations in less than four hours (at 1.3 seconds/attempt). On average an attack will succeed in half the time. The Netgear device has lock down functionality implemented, but the lock down phases are not long enough to make an attack impractical. In this case an attack will on average succeed in less than a day (timing data can be found on the next page). WPS- Vendor Device Name HW-Version FW-Version Lock down certified D-Link DIR-655 A4 (Web Interface) 1.35 No Yes A5 (Label) 6 Linksys WRT320 1.0 1.0.04 ? Yes Netgear WGR614v10 ? 1.0.2.26 Yes Yes TP-Link TL-WR1043ND 1.8 V1_110429 No No Firmware versions are up-to-date as of 18.10.2011. In rare cases devices started to send malformed messages or their web interface and routing did not work properly anymore. A reboot was needed to solve the problem. This might be evidence of some kind of corruption, but was not investigated further. 6 WPS-functionality always stopped to work somewhere between 2 and 150 failed authentication attempts. The functionality did not even return after several hours. I would consider this a bug in the firmware which causes a DoS rather than lock-down functionality. Page 8 of 9
  • 9. Mitigations End users Deactivate WPS. This may not always be possible. Vendors Introduce sufficiently long lock-down periods in order to make an attack impractical. Of course this requires a new firmware release. Attempts Lock Attempts Maximum Maximum Comment before down per attack time attack time lock time minute down 11000 0 minutes 46.15 3.97 hours 0.17 days no lock down 7 ? 4.20 43,65 hours 1,82 days Netgear WGR614v10 3 1 minutes 2.82 65.08 hours 2.71 days Requirement for WSC 2.0 8 15 60 minutes 0.25 hours hours 737.31 30.72 days certification? Lock down configurations making 10 60 minutes 0.17 1103.97 46.00 days brute force less practical 5 60 minutes 0.08 hours 2203.97 91.83 days Assumed time per attempt: 1.3 seconds hours Considering that an AP typically runs for several months, a determined attacker might still be able to successfully attack a WPS-enabled AP. This attack is low-cost and has a high success guarantee compared to cracking WPA/WPA2-PSK. Conclusion As nearly all major router/AP vendors have WPS-certified devices and WPS – PIN (External Registrar) is mandatory for certification, it is expected that a lot of devices are vulnerable to this kind of attack. Having a sufficiently long lock-down period is most likely not a requirement for certification. 8 However it might be a requirement in the (new) WSC Specification Version 2 . I contacted the Wi-Fi Alliance about this – they have yet to respond. Collaboration with vendors will be necessary for identifying all vulnerable devices. It is up to the vendors to implement mitigations and release new firmware. Affected end-users will have to be informed about this vulnerability and advised to disable WPS or update their firmware to a more secure version (if available). 7 No consistent lock down pattern was found. However on average about 4.20 authentication attempts per minute were possible. 8 http://www.wi-fi.org/files/20110421_China_Symposia_full_merge.pdf Page 9 of 9