Attack Tool Released For WPS Setup Flaw

Trailrunner7 writes "Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version."

WTF is WPS?

Oh, I see. It's a tool for retards.

Seriously, if you can't admin your router and at least setup a WPA2 protected network without resorting to some sort of giant "easy button", then you have absolutely no right to complain when someone breaks into your network and does whatever it is script kiddies do these days.

This dumbing down of consumer electronics needs to stop. Dilbert said something to the effect of "If you idiot proof something, someone invents a better idiot" (Scott Adams may not have come up with that quote, but that's where I first read it). Therefore, by trying to produce equipment that targets the stupidest of the stupid, we're only dooming everyone to greater depths of stupidity.

It will not end until we literally take a stand against stupidity- draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it". This "black box" user thing has gone too far. Especially when I read about retarded things like WPS that serve no useful purpose then to let idiots use gear that they would not normally be able to- either because the manufacture fucked up the design and turned it into some obfuscated piece of crap, or because the user simply has no desire to understand things that must surely seem magical to them.

-AC

Re:WTF is WPS?

[gnasher719]

Oh, I see. It's a tool for retards.

A quote from Billy Joel, after being ripped off by his manager (and I think he is one of few people who successfully sued their lawyer): "I know many excellent businessmen who can't sing."

Just because you find it entertaining to know who to admin a router and set up a protected network, most people have a lot better things to do in their lives. Someone who wants a giant "easy button" isn't a retard, but someone who has better things to do in their life.

And guess what, it isn't the people you call "retards" who messed it up. It's the real retards who designed a system where an eight digit PIN number can be cracked in at most 11,000 tries.

Re:WTF is WPS?

[jamesh]

It will not end until we literally take a stand against stupidity- draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it"

I see this attitude more and more. I wonder if people had to put up with the same elitist bullshit after the car become affordable to masses... or even the printed book. You might know how to use a computer but I wonder if you'd know how a transistor works and how to build one, or what an IRQL is, or a DPC. And even if you do, there will be someone else that knows more than you who will look down their nose at you and tell you you have no right to use a computer without understanding how it works.

WPS isn't that bad an idea really... it just turns out it has a bug, and unfortunately that bug is going to be unfixable in a lot of cases (end-of-life model AP with no firmware update available)... hopefully those AP's at least have a way to turn it off. If you are pointing the finger of blame at anyone, point it at the people who implemented it - they're the ones who screwed up.

If i'm feeding the trolls... i might as well give them a good meal.

Re:WTF is WPS?

[h00manist]

much less turning this off because it is a security risk.

...but it's a security *feature*! See it's called "wifi protected setup". No way I'm disabling that, and then what, my wifi setup won't be protected? Are you kidding me? These hacker guys are trying to fool you into turning it off!

Re:WTF is WPS?

[ACE209]

Luckily the European Union likes car analogies too ;)
http://en.wikipedia.org/wiki/European_Computer_Driving_Licence

Re:WTF is WPS?

UAC isn't useless. It's like having to sudo before doing something. A regular user will just always hit yes. An experienced user will know that this should be happening or not.

Re:WTF is WPS?

[flimflammer]

Er, what? UAC a "waste of time for experienced people"? It's about useless for anyone but experienced people.

Or are you of the belief that applications should just automatically have admin privileges without user consent?

Re:WTF is WPS?

[LordLimecat]

You have to give some credit to the cleverness of Cisco / Linksys. After the debacle of the WRT54G being the most wildly popular router ever and the basis for DD-WRT (which got tons of people buying those routers), they realized their mistakes of making a great router OS based on proven work. They vowed that NEVER AGAIN would a router be so popular that people would give two craps about the OS on it.

Hence the lowering of the RAM and flash on subsequent WRT54G generations. But it didnt work! People kept buying them, and using DD-WRT! This was unacceptable, and so they moved to a new OS written in India that NOONE could possibly love (as its interface didnt even work right in IE), and changed to the WRT54G2.

Since then, phenomenal progress has been made in curbing enthusiasm for Linksys products. There are still those who care about their products, but Cisco Indian engineers are working feverishly to tidy up even those loose ends.

Re:WTF is WPS?

A novice user in the presence of experienced users will ask what they should do about a UAC question they don't understand, especially if it's not their computer and they know they're novices.

An experienced user who gets a UAC question when they weren't trying to do what UAC asked for permission for, will conclude that something funny is going on and act appropriately. In the "bad old days", it wouldn't have even asked, it would've just done whatever malicious administration the web page called for.

A year huh?

from: http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.htm

This is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly we have decided to announce and release Reaver

Very nice way to make a profit there guys and ignore responsible disclosure.

Re:What purpose?

[jamesh]

Seriously, what non-malicious purpose would this tool have? Anybody who read about the vulnerability knows how it works; there is no need to have a sample attack because it is obvious how this works; having an exploit tool cannot have any legitimate uses.

Sure it does. If a customer questions why this should be audited and fixed on their network immediately I can tell them that there is exploit code publicly available that anyone can download and use and have access to the network in 4-10 hours instead of talking about theoretical bad guys who might have obtained a theoretical exploit from somewhere. It makes it a "fix this now" problem with a known risk instead of being put off and treated as a low risk security issue and never fixed. In my case hopefully it's just a quick audit to make sure nobody else has put a WPS enabled AP onto the network, but it still needs to be done.

Maybe you don't remember Slammer/Nimda/Code Red, and a few others of that era. The exploits used were well known and patches were available for a while beforehand but a lot of people never bothered patching because of the perceived low risk and "doesn't apply to me". Ditto for a few Linux ssh and ftp exploits.