Slashdot Mirror


New WiFi Setup Flaw Allows Easy Router PIN Guessing

Trailrunner7 writes "There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT. The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. 'I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,' Viehbock said."


  1. WPS by Shadyman · · Score: 3, Insightful

    As all of the more recent router models come with WPS enabled by default...

    Don't you still have to physically push a button to (temporarily) enable WPS? If not, whose bright idea was *that*?

    1. Re:WPS by Anonymous Coward · · Score: 2, Informative

      There's push button mode, and there's a shared PIN mode.

    2. Re:WPS by mkraft · · Score: 3, Insightful

      I believe you still have to put the router into setup mode even when using shared PIN mode. That limits the times this attack could possibly work.

    3. Re:WPS by b4dc0d3r · · Score: 4, Funny

      HAHAHAHA I got a new Linksys. My WPS doesn't work at all. Joke's on them! HAHAHAHA... Wait a minute.

    4. Re:WPS by jroysdon · · Score: 2

      This is incorrect. Look at the paper. It states WPS has three methods:
      Push-button-connect
      PIN - Internal Registrar (web interface)
      PIN - External Registrar (PIN)

      Default on the Buffalo WHR-HP-G300N I just reviewed is to have External Registrar (PIN) enabled.

      The paper further states that if a device is WPS certified then it must have the External Registrar (PIN). To make it "user friendly" it will be enabled by default. Hopefully your devices have the ability to disable it.

      Side note: trust no wireless. Best method is to put the wireless in a DMZ and VPN/encrypt all traffic, so even if the wireless is compromised you're still safe. If you restrict all traffic to just DNS and VPN to your device, then would-be freeloaders will just move on even if they found your PIN as they cannot get anywhere.

  2. ok... by viperidaenz · · Score: 2

    So I'm still safe-ish using plain old WPA2/PSK?

    1. Re:ok... by stevel · · Score: 5, Informative

      No. If your router supports the "external" authentication mode using only a PIN, it is vulnerable no matter which encryption type you use or how good your password is. I did not realize that there was such a mode - I too thought it required the pushbutton.

      The easiest mitigation is to disable the WPS PIN on your router, re-enabling it when you want to add a device. Some routers may not have such an option, but at least mine does.

      Scary.

    2. Re:ok... by 93+Escort+Wagon · · Score: 2

      No. If your router supports the "external" authentication mode using only a PIN, it is vulnerable no matter which encryption type you use or how good your password is.

      I didn't see Apple mentioned anywhere. Apparently the recent Airport Extremes do support WPS mode, but (when I checked my router's preferences) it appears there's no set PIN enabled by default. When I go to see how it works, it asks me to enter a PIN that's been chosen by the client. If true, that shouldn't be problematic - although I haven't ever used that "feature" since I never found WPA2 to be particularly difficult to set up in the first place.

      --
      #DeleteChrome
    3. Re:ok... by 93+Escort+Wagon · · Score: 2

      Launch "Airport Utility" and select either an Extreme or an Express. Click on "Manual Setup". Then go to the "Base Station" pulldown menu. The WPS setup is the very last item in that menu - "Add Wireless Clients".

      --
      #DeleteChrome
  3. Does it matter? by wbr1 · · Score: 3, Interesting

    Since most people (home consumers) can't be bothered to change a default name/password/ssid on damn things anyway, about 80% or more are insecure as it is. If you want a secure connection, don't use the air, use a wire, and better yet, make sure you own and monitor its entire length.

    --
    Silence is a state of mime.
    1. Re:Does it matter? by davester666 · · Score: 5, Funny

      Rubbish. That's just half-assed security.

      If you want real security, you need to personally design the chips, fab them [then microwave the resulting chips to make sure they actually fabbed your design], then fabricate the PCB, solder it all together, then write the router's OS.

      Oh, and for extra credit, implement your own personal wireless protocol [using either/both of the public 2.4/5 GHz frequencies] for both the router you just fabbed as well as for your computing devices.

      --
      Sleep your way to a whiter smile...date a dentist!
    2. Re:Does it matter? by LordLimecat · · Score: 3, Interesting

      WPA2-PSK is, I would argue, more secure than bog-standard wired ethernet. Wired ethernet is trivial to tap with a laptop with a USB-ethernet port bridged to its internal NIC. It's also possible to tap by simply capturing the EM emissions from the line. ARP poisoning could also trivially reveal plaintext passwords, and what sites you visit.

      With properly set up wifi, on the other hand, every communication is encrypted, HTTPS or not. I'm not sure as I've never tried, but I do not believe that you can arp-poison a wifi connection that has been secured with WPA2.

      Of course you can throw in IPsec, but you can do that regardless of the physical layer involved.

    3. Re:Does it matter? by Bengie · · Score: 2

      Wifi on my Netgear didn't even work until I assigned my own password. It wouldn't even allow open Wifi until I created a secure wifi at least once.

    4. Re:Does it matter? by Midnight_Falcon · · Score: 2

      I would argue that WPA2-PSK is not nearly as secure as ethernet, especially 802.1x protected ethernet (which is rare). Here's why:

      * WiFi is wireless. Most hackers are more apt to hack from a coffee shop across the street with a nice 1-Watt WiFi radio/9+dB antenna than try to gain physical access. You have to physically intrude into the network in order to get ethernet access -- and if you've gone this far, can't you just break into the server room and take the disks out of the servers!?!
      * WPA2-PSK uses a shared key. It is not 802.1x, there's no external auth gateway like LDAP or even an internal database. This key is subject to being inadvertently shared if any computer or device with wifi access is compromised. Then, all your WiFi communications are in the clear!
      * WPA2-PSK has absolutely no effect on ARP spoofing, poisoning, or other methods of running man-in-the-middle attacks. It's merely a perimeter security service -- once you're in the network, you can still run any attacks that the given routing equipment/firewalls allow you to, wireless or not.

      Also, I'd like to point out that using WPA2-PSK does NOT secure your HTTP connections like HTTPS -- they are still subject to eavesdropping if someone is within your internal network, or, if they are at your ISP, or any intermediary network in between. WPA2 is highly distinct from, with little overlap and no substitute for using SSL/TLS for HTTP transmissions!!

      My opinion is that WPA2-PSK is adequate security for a home of the average person, but not for any mid sized or above business (or small business processing credit cards or other financial data). The choice of WiFi security algorithm is only like a gatekeeper at the city walls, once someone has entered your city, you still need to police your city.

    5. Re:Does it matter? by LordLimecat · · Score: 2

      * WiFi is wireless. Most hackers are more apt to hack from a coffee shop across the street with a nice 1-Watt WiFi radio/9+db antenna than try to gain physical access. You have to physically intrude into the network in order to get ethernet access

      The problem is, you're looking at the best case scenarios for each, and I would agree-- on a hardened network with a managed switch and security policies in place, a wired solution can be more secure. But in an average scenario, wired setups are horribly vulnerable to ARP sniffing, DHCP spoofing, inserting a tap between wall jack and workstation, etc. No authentication is needed for ANY of those-- your attacker doesn't even need authorization, just physical access, which is terribly easy in 90% of offices and homes.

      On the other hand, WPA2 exposes itself to a much wider audience, but demands authorization, and has proven security. Good luck cracking WPA2-AES 16 character passwords with aircrack-ng, it's gonna be a while.

      WPA2-PSK has absolutely no effect on ARP spoofing, poisoning, or other methods of running man-in-the-middle attacks.

      It does in the sense that anyone and any device that wants to perform those attacks must have the key.

      WPA2-PSK uses a shared key. It is not 802.1x....all communications in the clear...

      I was under the mistaken impression that WPA2 PSK performed a secure session key exchange, which is apparently not the case; I should have not specified PSK in particular. The fact remains, WPA2 has more built-in security than a bog-standard Cat5 connection, which is incredibly trivial to tap.

      Also, I'd like to point out that using WPA2-PSK does NOT secure your HTTP connections like HTTPS -- they are still subject to eavesdropping if someone is within your internal network, or, if they are at your ISP, or any intermediary network in between

      It protects it from node to AP, whereas ethernet provides no such security. Imagine if you will, two networks-- one, all hops are cat5 (and no ipsec), and the other, all hops are WPA2 AES w/ strong password (mixed alphanumeric 30 characters).

      Which would you say is more susceptible to an MITM attack? The one with no authentication or encryption built into the physical layer, or the one with?

  4. Nothing new by ewanm89 · · Score: 3, Informative

    Same old thing, default configuration is bad.

    1. Re:Nothing new by gadzook33 · · Score: 3, Interesting

      I guess. Except that shouldn't be (isn't?) true. Is the default mode I use SSL in bad? Is Amazon's security bad?

      I just can't believe how incredibly poor this implementation was. For that matter, I can't believe no one noticed it up until now. This just seems like security 101 stuff. If nothing else it shouldn't have passed the you-don't-get-something-for-nothing common sense check.

    2. Re:Nothing new by swillden · · Score: 3, Informative

      Same old thing, default configuration is bad.

      Not really. That would imply that changing the default configuration to something else would fix the problem, but it doesn't. The only thing that fixes it is disabling WPS. Well, I suppose setting a really long PIN -- but the default is 8 digits which most people would expect is reasonable anyway. If the protocol didn't leak information about the PIN, or the device didn't allow brute force searches, this wouldn't be a problem.

      This isn't a default configuration problem, this is a security protocol defect coupled with an implementation error.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Too much information? by jsm18 · · Score: 4, Funny

    "The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak"

    Does anyone else visualize a router responding with: "Getting warmer!"

  6. Re:and this is why I didn't trust WPS by Waffle+Iron · · Score: 4, Funny

    It sounds like all of your gear has been damned. That probably means that you have bigger things to worry about than security threats coming from this world.

  7. WPS - maybe not that easy by hcs_$reboot · · Score: 2

    Most router implementations allow a few attempts and then blacklist the MAC address of the attacker for a while (according to TFA the program would have to try at most 11,000 times).
    Thus the attacker program should be low-level enough to fake its own MAC address all the time.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  8. Immune. I use Tomato Linux on my guest WIFI router by VortexCortex · · Score: 2, Interesting

    I use OpenWRT on my private router. As can be said of ALL default installed software: SCREW the firmware that comes with the routers.

    It's just like my Laptop, Servers, Workstations, and Phone: If I can't install MY OS on it, it's not worth any of my time. If I haven't installed my OS on it, I DON'T USE IT.

    That "easy setup" button on my router now gives me a minimal window of time during which I can SSH in to the router itself -- I have to be connected to the router already to do so over Ethernet or WPA2 w/ AES.

    If you don't know how to drive GET THE HELL OUT from behind the steering wheel! The same can be said for networks, security, computers in general. If you can't configure your network, get someone who can to do so. Otherwise, expect to lose control and have a horrible accident when you brake instead of clutch, or WPS or WEP instead of WPA PSK w/ custom firmware.

  9. Re:On LinkSys by Mathinker · · Score: 2

    After getting the "our developers are working on it" runaround for months and months when Linksys didn't issue new drivers without the Broadcom vulnerability for my WPC54G v.4 adapter, rendering it totally useless, I decided to never, never, buy Linksys equipment.

    I actually "inherited" this card from a relative who had bought it and found out he didn't need it.

    This really has to show you how bad Linksys's customer relations were with me: I didn't even pay for the adapter myself and Linksys still managed to totally piss me off with their lying stories about their developers working on new drivers.

    (Disclaimer: I've posted this before here, when it was on-topic. I'll probably stop bothering to post it sometime in the next 10 years or so.)

  10. Simple mistake, simple correction by romiz · · Score: 3, Informative

    From the PDF, the implementation mistake is to give the attacker feedback on whether the tried key is correct after the first half of authentication (phase M4), and then after the complete authentication (phase M6). Since the PIN is only 8 digits, and the last one is a checksum, the problem is reduced to guessing 1 number in 10000, and then 1 in 1000.

    The document states that there are few possible mitigations for the problem. However, it skips the obvious one: do not notify authentication success/failure until the response to the M6 message. This would restore the 1 in 10,000,000 guessing complexity of the PIN code, without changing the protocol. It should even be a new issue tested by the compliance suite the vendors need to pass to get the WPS certification.
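The split-feedback problem romiz describes, as an added example (not code from the paper or from any commenter): a small Python model of the WPS PIN format and of the two registrar designs, the vulnerable one that rejects a wrong first half at M4 and the deferred one that rejects only after M6, with the worst-case guess counts each design implies. The checksum rule is the one in the WPS specification; the lockout parameters in the last function are assumptions, not figures from the page.

```python
"""WPS PIN cost model for the M4/M6 feedback issue discussed above.

Added example, not code from the paper or any commenter. It models the
8-digit PIN (7 digits plus a checksum digit) and two registrar designs:
one that answers at M4 whether the first half was right, and the deferred
design proposed above, which answers only after M6. Only guess counts are
computed; nothing here talks to a network.
"""


def wps_checksum(first7: str) -> str:
    """Checksum digit of a WPS PIN: chosen so that 3*(d1+d3+d5+d7) + (d2+d4+d6)
    plus the checksum digit is a multiple of 10 (WPS specification rule)."""
    if len(first7) != 7 or not first7.isdigit():
        raise ValueError("expected seven decimal digits")
    d = [int(c) for c in first7]
    acc = 3 * sum(d[0::2]) + sum(d[1::2])
    return str((10 - acc % 10) % 10)


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == pin[7]


def registrar_response(pin: str, guess: str, defer_feedback: bool) -> str:
    """One run of the exchange against a registrar holding `pin`.

    Vulnerable design (defer_feedback=False): a wrong first half is rejected
    at M4, before the second half is checked, so the response itself tells
    the client which half was wrong. Deferred design: every wrong PIN is
    rejected only after M6, so all failures look alike.
    """
    if not defer_feedback and guess[:4] != pin[:4]:
        return "NACK@M4"
    return "OK" if guess == pin else "NACK@M6"


def worst_case_guesses(defer_feedback: bool, checksum_enforced: bool = True) -> int:
    """Full exchanges needed in the worst case to run through every PIN."""
    second_half = 10**3 if checksum_enforced else 10**4
    if defer_feedback:
        return 10**4 * second_half   # halves cannot be separated: 10^7 with checksum
    return 10**4 + second_half       # halves searched one after the other: 11,000


def seconds_to_exhaust(guesses: int, per_lockout: int, lockout_s: float, per_try_s: float) -> float:
    """Wall-clock time for `guesses` exchanges when the registrar blacklists the
    client for lockout_s after every `per_lockout` failures (the rate-limiting
    mentioned in comment 7; parameter values are assumptions)."""
    lockouts = (guesses - 1) // per_lockout
    return guesses * per_try_s + lockouts * lockout_s
```

`worst_case_guesses(False)` reproduces the 11,000 figure from the article and `worst_case_guesses(True)` the 10,000,000 that deferring feedback to M6 would restore.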

  11. Designed by complete morons by gweihir · · Score: 5, Insightful

    The attack in short: WPS NACKs a partially transmitted PIN if the first part is wrong. This leaves 20k trials needed for brute-force, instead of 1M.

    I have no idea how people this incompetent get to design widely used protocols.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Re:Bad Security = Bad Security big surprise by realityimpaired · · Score: 2

    If you don't use Tomato or DD-WRT on your router you obviously don't really care about security anyway so who cares? The OOB ROMs on most consumer routers are full of more holes than a breadboard.

    BS. I can't speak to some brands, but the main reason to install Tomato or DD-WRT is *not* security, it's features. If you're not using one of those firmwares, then it's because you don't need the added features that they offer (or perhaps, you have a router which came with every single one of those features out of the box, and see no point in installing them). There is absolutely nothing that Tomato can do which can't be done with the default firmware on my TP-Link router, because the default firmware is that good. It literally does everything that Tomato does, and even provides a well-documented way to replace the firmware with Tomato if you still think it's better. (Tomato is mentioned specifically in the manual, as an example of why you'd use that feature in the firmware).

    Tomato/DD-WRT are great for adding features like advanced QoS rules to an older router, or a router from a company that doesn't think that consumers need stuff like that, but they really don't improve the *security* at all. And that's largely because the *security* is all relying on the same protocols, and need to comply with standards like WPA2/PSK in order to play friendly with the computers you're trying to connect to it. If you're seriously worried about exploits to gain admin access to the firmware (assuming they even exist...), then you've already lost the battle, because it means that somebody you don't trust has already gotten access to your internal network.