Attack Tool Released For WPS Setup Flaw

samzenpus posted more than 2 years ago | from the choose-your-weapon dept.

Security 164

Trailrunner7 writes "Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version."


WTF is WPS? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38536750)

Oh, I see. It's a tool for retards.

Seriously, if you can't admin your router and at least set up a WPA2 protected network without resorting to some sort of giant "easy button", then you have absolutely no right to complain when someone breaks into your network and does whatever it is script kiddies do these days.

This dumbing down of consumer electronics needs to stop. Dilbert said something to the effect of "If you idiot proof something, someone invents a better idiot" (Scott Adams may not have come up with that quote, but that's where I first read it). Therefore, by trying to produce equipment that targets the stupidest of the stupid, we're only dooming everyone to greater depths of stupidity.

It will not end until we literally take a stand against stupidity - draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it". This "black box" user thing has gone too far. Especially when I read about retarded things like WPS that serve no useful purpose than to let idiots use gear that they would not normally be able to - either because the manufacturer fucked up the design and turned it into some obfuscated piece of crap, or because the user simply has no desire to understand things that must surely seem magical to them.

-AC

Re:WTF is WPS? (5, Informative)

errandum (2014454) | more than 2 years ago | (#38536798)

The problem is not the need for the giant button, it's that it is on by default in some routers.

I own a D-Link and I did set up everything by hand, but since I didn't want to use this, I simply didn't touch the option - assuming that, by default, this would be off.

I was wrong, and corrected that, but I wonder how many of those people that use the setup wizard know enough to even get to the advanced features, much less turning this off because it is a security risk.

Re:WTF is WPS? (0)

Ihmhi (1206036) | more than 2 years ago | (#38536836)

I've been seeing stuff like this happen more often to me. I use Windows XP at home but I've been using 7 at a friend's house for the last week or so. There's a lot of stuff that's sorta helpful to newbie users (UAC, for instance) but a waste of time for experienced people.

Hell, even XP has it. I've had to memorize things like sc stop wuauserv just so it will shut the hell up about restarting every 15 minutes.

Re:WTF is WPS? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38537234)

UAC isn't useless. It's like having to sudo before doing something. A regular user will just always hit yes. An experienced user will know that this should be happening or not.

Re:WTF is WPS? (2, Insightful)

flimflammer (956759) | more than 2 years ago | (#38537326)

Er, what? UAC a "waste of time for experienced people"? It's about useless for anyone but experienced people.

Or are you of the belief that applications should just automatically have admin privileges without user consent?

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38537856)

Given his comment about stopping the Windows Update service so it won't pester him to restart, and since the updater NEEDS to restart in order to fix things like security vulnerabilities that it can't while said code is still running hot...

Well, "All Signs Point To Yes".

Re:WTF is WPS? (0)

adonoman (624929) | more than 2 years ago | (#38538044)

I use Windows XP at home

There's your first problem. The OS is nearly unsupported. If your computer isn't up for installing 7, then install some flavor of Linux.

...a waste of time for experienced people

UAC is more helpful for experienced users than otherwise. We're the ones who are going to look at the UAC prompt after opening a file, and think, "This shouldn't be running privileged code!" and abort the operation.

WPS is the sort of thing that we need more of - simple to set up, and until now, quite secure. The path of least resistance needs to be secure. Like in Windows, where having a blank password prevents being able to access your computer remotely at all. Or systems where if you haven't explicitly configured a daemon to start, it doesn't (or at least doesn't allow remote access).

Re:WTF is WPS? (2)

BrokenHalo (565198) | more than 2 years ago | (#38538234)

WPS is the sort of thing that we need more of - simple to set up, and until now, quite secure.

Hmmm. I heard of WPS for the first time not quite a week ago: I was given a Sony PRS-T1 ebook reader for Christmas, and the little leaflet that came with it said something about WPS, so I looked it up.

Having found out what it was (and ascertained that my WAP doesn't support it), I discarded the guide and just followed my nose in the usual way for a WiFi setup. I see no reason why we need WPS at all: if we are incapable of typing a password when our device already recognises the network and protocol, then we have no business being attached to the internet at all.

Re:WTF is WPS? (1)

LordLimecat (1103839) | more than 2 years ago | (#38539394)

UAC is not useless at all. Without UAC, there are many types of installer that simply would not work on Windows 7 due to missing permissions; UAC allows those programs, instead of silently failing, to request permissions to do so.

And turning off UAC basically says "yes, please abandon the principle of least privilege!"

I have seen a number of computers running 7 that I've seen get viruses, but the user did not have the admin password for the UAC prompt that appeared. This meant that the virus couldn't do jack, and was removed in about 3 minutes with an autorun cleanup tool like Autoruns [microsoft.com]. UAC is like the old runas, but far far more capable, compatible, and useful.

Re:WTF is WPS? (5, Insightful)

h00manist (800926) | more than 2 years ago | (#38536926)

much less turning this off because it is a security risk.

...but it's a security *feature*! See it's called "wifi protected setup". No way I'm disabling that, and then what, my wifi setup won't be protected? Are you kidding me? These hacker guys are trying to fool you into turning it off!

Re:WTF is WPS? (4, Informative)

kbolino (920292) | more than 2 years ago | (#38537222)

I've been using and administering Windows since the 3.0 days, and not only do I leave UAC on, but I turn it up to the highest level (7 has variable levels, where the highest level corresponds to the only one available on Vista). I agree it can be a nuisance, and 95% of the time I just click through it (knowing what I did beforehand to trigger it). But every once in a while, it pops up when I know it shouldn't, and that tells me right away that something is doing something it's not supposed to be doing. Not only that, but I can decline to allow it to continue, which to me is UAC's most useful property: the ability to say no. Then it's much easier to locate the problem and remove it. I practice safe browsing and safe e-mail reading as much as possible, and I have a router with a drop-all-unknown-packets (ghost? stealth?) firewall, but I know that I'm not perfect--and neither are the other people who use the computers. YMMV but I've found it to be one of the best improvements over Windows XP.

Re:WTF is WPS? (1)

kbolino (920292) | more than 2 years ago | (#38537228)

Dammit, meant to reply to post above.

Re:WTF is WPS? (2)

AJH16 (940784) | more than 2 years ago | (#38537832)

There is one thing I don't understand why they don't do. Why not store a hash of an executable and allow storage of the approval? If the same program, in an unaltered state wants to run again later, it should be allowed to without prompting. (If the user chose to approve it for future use.) Personally, I'm willing to use it even if I have to click every time, but this would be more convenient without noticeably impacting security. (Technically there are executable stuffing approaches that could match the hash, but that would seem to be tricky, particularly if rewriting the file became a protected operation itself.)

Re:WTF is WPS? (1)

SQLGuru (980662) | more than 2 years ago | (#38538834)

The main reason you don't want auto-re-auth is that you don't want those pre-authorized programs to become attack vectors of any sort......annoying, but for your own safety.

And I take it one more level.....I have an Admin account and a Limited account (not the actual account names). I use the Limited account, so when UAC pops up, I can't just click "yes"....I have to actually type my Admin password. I've done the same with every other computer I've set up for friends and family.

Admin/Limited Accounts (1)

fast turtle (1118037) | more than 2 years ago | (#38539434)

Same here. I've configured an Admin PW with a standard/limited user account for day2day ops. Works fine as the only time I really need admin access is installing/removing software or changing a critical system setting.

Another thing I've done is enabled DEP for all apps except those I've been forced to exclude such as the only game I've had to exclude (Call To Power 2). I haven't seen any issues from any program written for XP-SP2 or later as DEP was introduced then. It's just one more layer of security.

Re:WTF is WPS? (1)

AmiMoJo (196126) | more than 2 years ago | (#38539200)

It is a security feature. If the app is not in a protected storage area (such as the Program Files directory) it is vulnerable to being modified by other apps. Hashing the executable won't help because chances are the first thing it does is open some DLLs and trusted data files, any of which could be modified too.
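Added example (not from the original thread): the approval-by-hash idea raised above, next to the objection that a program's libraries can change while the executable's own hash stays the same. The file names, `ApprovalStore` and the declared dependency list are hypothetical; real loaders resolve libraries dynamically, so a fixed list is an assumption.

```python
"""Stored approvals keyed by executable hash vs. by executable plus dependencies."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_digest(exe: Path, deps: list) -> str:
    """Digest over the executable and every declared dependency (name + content hash)."""
    h = hashlib.sha256()
    for p in [exe, *sorted(deps)]:
        h.update(p.name.encode() + b"\0" + sha256_file(p).encode() + b"\n")
    return h.hexdigest()


class ApprovalStore:
    """Remembers digests the user has approved; anything else needs a prompt."""

    def __init__(self):
        self._approved = set()

    def approve(self, digest: str) -> None:
        self._approved.add(digest)

    def needs_prompt(self, digest: str) -> bool:
        return digest not in self._approved


def demo() -> dict:
    """Approve a program once, replace one of its libraries, then ask again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        exe = root / "app.exe"      # constructed stand-in for an executable
        dll = root / "helper.dll"   # constructed stand-in for a library it loads
        exe.write_bytes(b"constructed executable bytes")
        dll.write_bytes(b"constructed library v1")

        exe_only = ApprovalStore()
        with_deps = ApprovalStore()
        exe_only.approve(sha256_file(exe))
        with_deps.approve(manifest_digest(exe, [dll]))

        # The library is replaced; the executable itself is untouched.
        dll.write_bytes(b"constructed library, modified")

        return {
            "exe_only_prompts": exe_only.needs_prompt(sha256_file(exe)),
            "with_deps_prompts": with_deps.needs_prompt(manifest_digest(exe, [dll])),
        }


if __name__ == "__main__":
    print(demo())
```

The executable-only store stays silent after the library swap, while the store that hashes the dependency set asks again.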

Re:WTF is WPS? (1)

AmiMoJo (196126) | more than 2 years ago | (#38539128)

You should check the descriptions next to those levels on the options window. It explains quite clearly that by default settings changes you initiate usually don't create a UAC prompt - there is no need as you clicking on it is authentication enough. When a program tries to make a change then you get the prompt, which seems to be what you and most other people want.

Note that it doesn't affect things like prompts when opening unapproved software and the like, just the really annoying and security wise pointless ones inside cryptographically signed system setting apps.

Re:WTF is WPS? (4, Informative)

neokushan (932374) | more than 2 years ago | (#38536932)

It's on by default because it's there for the average user to easily connect their equipment. If it was off by default, it would require connecting (either via password or cable) and enabling it manually via the setup page - and by that point, you'd just connect the usual way.
In a similar vein, it'd be like UAC being disabled by default - average user won't turn it on, even if it does help them.

Re:WTF is WPS? (1)

AmiMoJo (196126) | more than 2 years ago | (#38539298)

They could just have a hardware switch on the box and a flashing red light next to a sticker explaining that once your laptop is set up you should flip it. They could even have a warning sound like when you leave your car's lights on after removing the key. The fact that they don't make any real effort to even tell people about this important option (e.g. the way printers always come with huge warning stickers telling you to install the software before attaching the USB cable) is simply down to reducing support costs.

I don't know how many people are too dumb to understand simple instructions or ignore a bright flashing red light and siren but they must think they are significant enough in number to warrant having WPS on all the time by default. I happen to be in Japan at the moment and took a quick look at some routers today and most of them seemed to have a WPS button that enables it for 1 minute, but most of the ones sold in the UK/US don't bother. Japanese people are known for reading the manual I suppose.

Actually the ISPs are as much or even more to blame since most people's routers were free with their broadband connection. Many ISPs don't even offer modems any more, only modem/routers with wifi.

Re:WTF is WPS? (1)

Lumpy (12016) | more than 2 years ago | (#38536960)

And there are off brand routers and AP's that don't have a function to turn it off.

Unless that is what the "more happy fun" setting is. The Engrish in some of these products is getting silly.

Re:WTF is WPS? (4, Funny)

thegarbz (1787294) | more than 2 years ago | (#38537292)

HA you should have bought a Linksys. I turned on WPS, I typed in my router PIN and I even pushed the button and my devices are still unable to connect.

Secure by design?

Re:WTF is WPS? (1)

Grishnakh (216268) | more than 2 years ago | (#38538996)

That's like my Cisco/Linksys E4200 that has a buggy Reserved DHCP implementation.

After buying an older E1000 router on Ebay and installing DD-WRT on it so I could set up a wireless bridge to one of my printers, I think the best course of action is to buy a DD-WRT-supported router and use that firmware instead (or openWRT or Tomato). The tricky part is finding a router that supports one of these alternative firmwares; even with the same model number, one of the revisions may not be supported as they'll completely change the hardware and wifi chip between revisions.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38539044)

I believe that the Wi-Fi Alliance [wi-fi.org] requires that the option be enabled by default, in order to obtain the Wi-Fi certification logo. The desire when this program was instituted was to minimize the number of consumer APs that were installed without any security, at all. The security decisions were made mostly by non-security folks, consistently rejecting stronger security procedures recommended by the participants that knew better.

Re:WTF is WPS? (5, Insightful)

gnasher719 (869701) | more than 2 years ago | (#38536830)

Oh, I see. It's a tool for retards.

A quote from Billy Joel, after being ripped off by his manager (and I think he is one of few people who successfully sued their lawyer): "I know many excellent businessmen who can't sing."

Just because you find it entertaining to know how to admin a router and set up a protected network, most people have a lot better things to do in their lives. Someone who wants a giant "easy button" isn't a retard, but someone who has better things to do in their life.

And guess what, it isn't the people you call "retards" who messed it up. It's the real retards who designed a system where an eight digit PIN number can be cracked in at most 11,000 tries.

Re:WTF is WPS? (4, Interesting)

Penguinshit (591885) | more than 2 years ago | (#38536838)

That is the crux of the problem: The solution was (pathetically) poorly implemented.

Re:WTF is WPS? (1)

MrNthDegree (2429298) | more than 2 years ago | (#38537072)

Erm, 8 digit PIN is fine. Routers can limit PIN guesses y'know...

Re:WTF is WPS? (4, Informative)

gnasher719 (869701) | more than 2 years ago | (#38537226)

Erm, 8 digit PIN is fine. Routers can limit PIN guesses y'know...

You didn't read the article, did you? The routers tell you that the pin is wrong after four digits. So you need 10,000 tries at most to get the first four digits. The last digit is a checksum, so you need at most another 1000 tries to get the complete number.

Of all the routers tested, only _one_ model limited PIN guesses (you can't turn PIN guesses off obviously because that would just enable a DOS attack) to about one guess every 20 seconds, which means it is cracked within a few days.
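Added example (not part of the original comments or of Reaver): the arithmetic in the comment above, worked out in Python. It compares a PIN whose halves are confirmed separately with one checked as a whole, and adds a hypothetical lockout policy (`failures_before_lock`, `lock_seconds`) to show how much rate limiting changes the worst-case exhaustion time. The checksum rule is the WPS one and is not stated on this page.

```python
"""Worst-case guess counts and exhaustion times for an 8-digit WPS-style PIN.

The lockout parameters are hypothetical knobs for comparison; they are not
settings of any particular router.
"""

SECONDS_PER_DAY = 86_400


def wps_checksum(first7: int) -> int:
    """Return the eighth digit derived from the first seven.

    Digits are weighted 3, 1, 3, 1, ... starting from the rightmost of the
    seven; the checksum brings the weighted total to a multiple of 10.
    """
    accum = 0
    n = first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_well_formed(pin: str) -> bool:
    """True if pin is eight digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def worst_case_guesses(split_feedback: bool, checksum: bool = True) -> int:
    """Guesses needed to cover every candidate PIN.

    split_feedback: the verifier confirms the first four digits on their own.
    checksum: the last digit is derived, so only seven digits are free.
    """
    first_half = 10 ** 4
    second_half = 10 ** (3 if checksum else 4)
    if split_feedback:
        return first_half + second_half   # halves searched one after the other
    return first_half * second_half       # halves must be right together


def exhaustion_days(guesses: int, seconds_per_guess: float,
                    failures_before_lock: int = 0, lock_seconds: float = 0) -> float:
    """Days to try every guess, optionally pausing after each run of failures."""
    total = guesses * seconds_per_guess
    if failures_before_lock:
        total += (guesses // failures_before_lock) * lock_seconds
    return total / SECONDS_PER_DAY


def report() -> list:
    """(design, guesses, days at 20 s/guess, days with 1 h lock per 3 failures)."""
    rows = []
    for label, split in (("halves confirmed separately", True),
                         ("PIN checked as a whole", False)):
        g = worst_case_guesses(split)
        rows.append((label, g,
                     round(exhaustion_days(g, 20), 1),
                     round(exhaustion_days(g, 20, 3, 3600), 1)))
    return rows


if __name__ == "__main__":
    # "12345670" is a constructed sample PIN used only to exercise the checksum.
    print("12345670 well formed:", is_well_formed("12345670"))
    for label, guesses, days, days_locked in report():
        print(f"{label}: {guesses} guesses, {days} days, {days_locked} days with lockout")
```

At one guess every 20 seconds the split design is exhausted in about two and a half days, which matches the "few days" in the comment; the same rate against a PIN checked as a whole takes years.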

Re:WTF is WPS? (1)

null etc. (524767) | more than 2 years ago | (#38538190)

(you can't turn PIN guesses off obviously because that would just enable a DOS attack)

I'm not so sure that's true. The PIN is only used during the setup process. If someone DOS'd you out of pin guesses, you could always PUSH THE BIG SETUP BUTTON AGAIN ON YOUR ROUTER.

Re:WTF is WPS? (1)

AmiMoJo (196126) | more than 2 years ago | (#38539432)

Of all the routers tested, only _one_ model limited PIN guesses (you can't turn PIN guesses off obviously because that would just enable a DOS attack) to about one guess every 20 seconds

Rate limiting won't prevent a DOS attack. The attacker can just sit there sending a continuous stream of wrong PIN numbers and the millisecond the rate limiting timer expires it will be reset. Generally speaking there is little you can do to prevent DOS attacks on WiFi, e.g. by sending de-auth packets or just flooding a channel with noise, so it isn't worth worrying about unless the attack doesn't require the attacker to stick around (e.g. causing the router to lock up until power cycled).

Re:WTF is WPS? (2)

Nertskull (2535776) | more than 2 years ago | (#38537112)

I don't totally buy that. I do to a small degree. But it's kind of like saying we should give people cars without making them learn how to drive.

We live in a day and age where everyone wants the quick fix, and the easy solution. But to use a tool properly, you need to understand some things about that tool. And when you try to make it overly simple, bad things (as we are seeing here) can happen.

I'm not by any means saying people need a perfect understanding of wifi or networks or security. But I don't think it's unfair to require people to do a little bit of reading of a manual to set something up. Having "better things to do in life" is not an excuse for getting out of everything we find complicated. It's narcissistic to think that the ONLY things that are worthwhile are the things ONLY oneself is interested in.

Sometimes we have better things to do, absolutely. But sometimes life requires we dig into projects we find boring to get things done correctly.

Simple setup for networks? Absolutely. But at the cost of security for the benefit of ease? Not what I would call ideal.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38537262)

Pretty sure most manuals would only list "WPS is a secure way and simple way to securely add new wireless devices to your wireless network".... and maybe "this can be disabled"...

But I highly doubt they mention any sort of possible security risks etc etc, so how is reading the manual really going to help?

Going with the car example above, did you read your whole owner's manual? Do you know the service schedule?
If you say yes, you're either flat out lying or one of the extremely rare people who really does know what services/inspections should be done when (and not just oil change, filter change, tire rotation, etc but checking brake fluid, condition of trans fluid and when to change/flush, etc).

And chances are you're the type who take the easy way and hit up a garage or the dealership to get those services done instead of doing it yourself.

Point is, just because you know about IT stuff and read up on articles like these doesn't mean everyone else does, and using a helpful feature/option that saves time isn't inherently bad, just like having a shop change the fluid in your car or repair a mechanical issue rather than purchasing a factory service manual or another repair manual and doing the work yourself so you make sure every bolt is torque exactly to spec or that the oil drain plug wasn't put back in or loose, etc.

Re:WTF is WPS? (1)

AJH16 (940784) | more than 2 years ago | (#38537926)

On the flip side, if the car could drive itself, would people need to know how to drive? Initially, yeah, they probably would in case things don't work right, but eventually it wouldn't really be necessary. I'm not saying that your point doesn't have validity either, but trying to point out that that line is constantly moving. The average consumer doesn't know how to hook up their TV either and buys $40 3 ft monster cable HDMI cables and thinks they got a good deal cause it was 20% off. At the end of the day, once a network is set up, it really shouldn't have to be touched. I'd say they should probably have an idea how to join a wireless network, but not necessarily the knowledge to understand the configuration options and set up a base station. I'd argue the ability to remember I was using that WPA thing with this password is probably sufficient. The rest can be magic that they have someone set up or some fancy wizard from the vendor helps configure.

Re:WTF is WPS? (1)

Grishnakh (216268) | more than 2 years ago | (#38539038)

Just because you find it entertaining to know how to admin a router and set up a protected network, most people have a lot better things to do in their lives. Someone who wants a giant "easy button" isn't a retard, but someone who has better things to do in their life.

I have better things to do with my life than to sit around in bumper-to-bumper traffic and deal with the annoyances of driving. However, since Personal Rapid Transit doesn't exist yet, and I can't afford a limo and chauffeur to relieve myself of the annoyance of having to do the driving myself, I put in the time to learn how to operate a piece of heavy machinery by myself.

If you want to do complex things, sometimes you have to learn some somewhat complex things to get to that point. There's nothing particularly hard about using a router's setup menu, typing in an SSID and a WPA2 passphrase, and then typing those same two pieces of information in on whatever device you're trying to connect to that router. If you can't handle that, you probably can't handle just starting up your PC.

Re:WTF is WPS? (5, Insightful)

jamesh (87723) | more than 2 years ago | (#38536914)

It will not end until we literally take a stand against stupidity- draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it"

I see this attitude more and more. I wonder if people had to put up with the same elitist bullshit after the car became affordable to masses... or even the printed book. You might know how to use a computer but I wonder if you'd know how a transistor works and how to build one, or what an IRQL is, or a DPC. And even if you do, there will be someone else that knows more than you who will look down their nose at you and tell you you have no right to use a computer without understanding how it works.

WPS isn't that bad an idea really... it just turns out it has a bug, and unfortunately that bug is going to be unfixable in a lot of cases (end-of-life model AP with no firmware update available)... hopefully those AP's at least have a way to turn it off. If you are pointing the finger of blame at anyone, point it at the people who implemented it - they're the ones who screwed up.

If I'm feeding the trolls... I might as well give them a good meal.

Re:WTF is WPS? (1)

Anonymous Coward | more than 2 years ago | (#38536962)

I wonder if people had to put up with the same elitist bullshit after the car became affordable to masses

Not that I agree with GP point-of-view, but you usually (in most countries) need a driving licence in order to be allowed to drive a car. Your car analogy would be correct if there was an equivalent "computer licence".

Agreed, even with the driving licence system, there are too many dangerous drivers ...

Re:WTF is WPS? (1)

rrossman2 (844318) | more than 2 years ago | (#38537298)

Bad comparison... think about it.

The test for a driver's license just shows you can use the basics... no different than using the WPS button.

If you wanted something comparable that would apply with this article, it would be like requiring knowing how to change the spark plugs, change the oil, when to flush and fill the transmission fluid and how to do it (and change the transmission filter etc), *none* of which is required for a driver's license (at least not in any area I know of)

Using the turn signals, how to go, turn, read street signs etc would be the equivalent of the very basics of a router setup (including using the WPS button)

Re:WTF is WPS? (1)

thegarbz (1787294) | more than 2 years ago | (#38537338)

So I take it your driver's licence test explains exactly how to find and fix a problem in your car when the check engine light comes on? They explain the engine management systems too I guess?

My guess is you take your car to a mechanic to do anything more than change a tyre. But while we're on that topic, explain to me how a transistor works because you shouldn't be allowed to use any electronics until you can explain the pie model properly.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38537440)

Yes, because clearly setting a WPA passphrase manually requires one to know how a transistor works.

Or maybe you're an idiot; that is also possible.

Re:WTF is WPS? (2)

lucidlyTwisted (2371896) | more than 2 years ago | (#38537570)

Not that I agree with GP point-of-view, but you usually (in most countries) need a driving licence in order to be allowed to drive a car.

And guess what is not covered in getting a license? Checking the oil, changing a tyre, finding and replacing a blown fuse, changing a bulb, correctly inflating tyres or any number of other actions which could be considered "administration" of the car.
If there were an equivalent driving test to routers/Internet it would be thus:
Can you
1) plug the router in?
2) press the shiny button?
3) connect your PC to the router (cable or wireless)?
4) find the router's administration page (no actual use of page is required)?
5) get teh download codez?
Depressing.

I just checked my re-badged Netgear router and WPS was on by default (it's now off). Why is it so hard to have these things off by default and a clear explanation of what they are? The "help" on the Netgear is useless. For WPS it tells me "An external registrar can only configure the Super Hub's wireless settings through WPS when the Super Hub's PIN is enabled. When it's disabled, users still can add a wireless client through WPS with either Push Button or PIN Number method." Eh? So if I disable the PIN I can still use the PIN? That makes no fucking sense. WTF is WPS? Oh, not going to tell me.
And the push button...what push button? There's no button on the router. Oh, wait, do they mean one of the buttons on the web page? Which one? Is it beyond their wit to tell me? Seems it is.
Then there is this gem "Keep Existing Wireless Settings - This option shows whether the Super Hub is in the WPS configured state." How does the explanation relate to the topic? The two seem totally unrelated. Which wireless setting? My own wireless? If I uncheck that will my wireless access be disabled?
The same repeats for WPA vs WEP - there is nothing about what these actually are and it contains stuff like this as an explanation: "Primary Radius Server IP Address - This field is required. Enter the IP address of the Radius Server on either WAN side or LAN side. "
Really? Wow. The "help" for the techno-babble contains yet more techno-babble with no further explanation. I have an understanding of what all the above means, but only because I have a passing interest in tech and not being cyber-raped by the script kiddies. Joe Average won't and the use of techno-babble will just freak them out on making changes, thus they are likely to leave everything at the insecure defaults.

I'm not asking for the above to be explained (my router is configured and works correctly), I am just pointing out that what precious little documentation is provided is utterly pathetic and totally useless. The little 12 page leaflet I got with the new washing machine contained lots of pertinent information on how it works, how to install it (which I did, the clear instructions made it really easy) and basic troubleshooting. If they can do it for a washing machine, they can do it for a router. There is no excuse.

Re:WTF is WPS? (1)

Grishnakh (216268) | more than 2 years ago | (#38539192)

Why is it so hard to have these things off by default and a clear explanation of what they are?

I'm no fan of WPS, but if it were off by default, then it'd be unusable. It only exists for morons who can't figure out how (or are too lazy) to log into their router's admin webpage and type in a passphrase. If someone figures out how to log into their router's admin webpage to turn WPS on, then there's little point bothering with the WPS any more because the passphrase part is right there.

Maybe they should put a physical switch on the backside of the router to turn it on. Of course, that'd add $0.30 in parts which would be an unacceptable hit on their bottom line.

And the push button...what push button? There's no button on the router.

Ok, that's weird. I thought all WPS implementations had a physical button on the router; the idea is that it's like modern garage door openers, where you press a button on the main unit, then press the button on your remote control, to "sync them up". You sure there isn't a hidden button somewhere? The Linksys E1000 I just bought off Ebay has one that's molded flush with the case so it's a little hard to see (note: I upgraded this to DD-WRT and highly recommend this).

Re:WTF is WPS? (1)

ColdWetDog (752185) | more than 2 years ago | (#38539300)

Christ. This.

Can't somebody at Netgear find a native English speaker who can write clear, non-technical documentation and maybe do it at least once? Or make it simple enough that you don't need documentation (the Apple Approach).

Happy fun ball, indeed!

Re:WTF is WPS? (1)

Knuckles (8964) | more than 2 years ago | (#38537324)

I wonder if people had to put up with the same elitist bullshit after the car became affordable to masses... or even the printed book.

But a line *was* drawn in the sand for the car - the driver's license. And in developed countries we try to give *everyone* the knowledge required to use a printed book.

Re:WTF is WPS? (1)

dbIII (701233) | more than 2 years ago | (#38537436)

WPS isn't that bad an idea really... it just turns out it has a bug

It's not a bug. It's a bad design that somebody thought was a feature and it was purely intentional.

Re:WTF is WPS? (3, Informative)

neokushan (932374) | more than 2 years ago | (#38536920)

The reason such a thing exists is because the good ol' secure password was too complicated for average-joe users to deal with. The precursor to this is Wireless routers that don't actually have a password set. To this day, you can still find unsecured wireless routers nearby and we all know what that leads to. The "easy" solution was put there so that routers could have security set by default, yet not confuse average-joe to the point where he just disabled it because it was the easiest thing to do.

And believe me, I worked for an ISP up until a few months ago - our Router/Modems (or Hubs, as they called them) now come with wireless security enabled. The default password (unique per hub) is written on the side of the device - and people still get confused and don't know what to do to connect their wireless.

Unfortunately, the implementation of the "easy" solution is the issue, not the solution itself. I mean, what's the point in having a secure PIN if you tell the user when they got the first half of it right? Especially if you don't prevent people from attempting thousands of connections.

Re:WTF is WPS? (1)

dbIII (701233) | more than 2 years ago | (#38537490)

To this day, you can still find unsecured wireless routers nearby

Not near me, but there are plenty of secured access points with names similar to "fOffUbastard".
As for passwords, something along the lines of the XKCD "correct horse battery staple" goes a long way - they laugh but they remember.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38537520)

My old linksys wrt54gs required the running of a cd (while connected to the router over ethernet) to setup the router/wireless password, otherwise it just didn't function.

Re:WTF is WPS? (1)

geekmux (1040042) | more than 2 years ago | (#38537290)

It will not end until we literally take a stand against stupidity- draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it".

-AC

No, actually it won't stop until people are running around with small computers comprised of nothing but a touch-screen, no keyboard, no mouse, and one large button that starts....er, oh wait...nevermind.

Re:WTF is WPS? (1)

indre1 (1422435) | more than 2 years ago | (#38537308)

Well I checked the manual for Thomson TG784 and it seems that if I use WPA/WPA2, then WPS is enabled by default and can't be disabled.
Maybe from CLI, but that's absurd...

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38537348)

Oh, I see. It's a tool for retards.

I tell you what: you are either a retard or the usual social-impaired troll living in the dark of your parents' basement.

My router is setup with 2 different wireless VLANs, one for home and one for friends that come over and want to hook to the router with the phone to play around on the interwebs (or for any other reason for what matters). So, when I need it, instead of being there like a retard dictating a 256 random characters password I keep things very simple: WPS has to be activated through a frontal button on the router and allows connecting for 2 minutes. If someone else is outside my house waiting for days for me to push the button and connects instead of my friend I will notice immediately. Not a big deal, lot of convenience.

You see? Once you get out of the basement, there are plenty of things that may suddenly start to make sense. I agree these are just small things yet very convenient.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38538126)

If you aren't a mechanic, it is your own fault when I cut your brake lines.

Re:WTF is WPS? (0)

Anonymous Coward | more than 2 years ago | (#38538370)

That's like saying you deserve your car broken into because you didn't research which cars are the hardest to break into before buying. Being an internet elitist and spouting your alleged knowledge for e-peen doesn't change the law, or if not applicable where you live, what should be law. Nobody "deserves" it.

Re:WTF is WPS? (1)

digitalaudiorock (1130835) | more than 2 years ago | (#38538438)

I'll tell you one thing WPS is, apparently...an excuse for other hardware manufacturers to NOT supply an on-board means of entering a passphrase. The last all in one printer I bought (an HP-B209A) came with wireless, but no wired networking, and NO means to setup the wireless without WPS (which my router, thank God, doesn't have). The only way to set it up otherwise was to first install it as a USB printer solely to have a means of entering the wireless passphrase....can you imagine??

Re:WTF is WPS? (-1)

Anonymous Coward | more than 2 years ago | (#38538948)

Oh, I see. It's a tool for retards.

Seriously, if you can't admin your router and at least setup a WPA2 protected network without resorting to some sort of giant "easy button", then you have absolutely no right to complain when someone breaks into your network and does whatever it is script kiddies do these days.

This dumbing down of consumer electronics needs to stop. Dilbert said something to the effect of "If you idiot proof something, someone invents a better idiot" (Scott Adams may not have come up with that quote, but that's where I first read it). Therefore, by trying to produce equipment that targets the stupidest of the stupid, we're only dooming everyone to greater depths of stupidity.

It will not end until we literally take a stand against stupidity- draw a line in the sand, and say "If you can't comprehend this stuff, you don't deserve to use it". This "black box" user thing has gone too far. Especially when I read about retarded things like WPS that serve no useful purpose then to let idiots use gear that they would not normally be able to- either because the manufacture fucked up the design and turned it into some obfuscated piece of crap, or because the user simply has no desire to understand things that must surely seem magical to them.

-AC

Brilliantly stated

Re:WTF is WPS? (1)

LordLimecat (1103839) | more than 2 years ago | (#38539316)

I agree!

I'm also of the opinion that the 1040 EZ Tax form needs to be gotten rid of, and that companies like HR Block need to disappear. If you're too stupid to understand the intricacies of the tax system, why, you have no business making money in the US.

And I think going to a doctor is practically cheating. If you can't suture your own injuries, you really have no room to complain when you get an injury at all.

Life sure is good for those of us who are experts in every field.

Doesn't compile on OS X (0)

Anonymous Coward | more than 2 years ago | (#38536752)

If you were thinking of downloading it to give it a go on a mac, it doesn't seem to compile. (It may say more in the docs, I wasn't interested enough to read them.)

Re:Doesn't compile on OS X (1)

93 Escort Wagon (326346) | more than 2 years ago | (#38536786)

Docs state reaver only compiles on Linux - but on my 64-bit RHEL6 box it fails to find libpcap (even though it's installed, and even when I explicitly pointed ./configure to it).

I'm going to see if I can get it installed on a Mac with some fink voodoo...

Re:Doesn't compile on OS X (0)

Anonymous Coward | more than 2 years ago | (#38536802)

It is common nowadays that developers forget to have placeholders in the makefiles to actually make use of the configure output.

Re:Doesn't compile on OS X (1)

93 Escort Wagon (326346) | more than 2 years ago | (#38536834)

It is common nowadays that developers forget to have placeholders in the makefiles to actually make use of the configure output.

In the linked blog post it is claimed that "This is a capability that we at TNS have been testing, perfecting and using for nearly a year." You'd think they'd have written better code if they've been working on it that long...

Re:Doesn't compile on OS X (0)

Anonymous Coward | more than 2 years ago | (#38538470)

Responsible security researchers modify the code they release so that it needs an intelligent human to compile it. This decreases the amount of script kiddies using their code but still allows for full disclosure to fellow researchers.

Re:Doesn't compile on OS X (4, Informative)

buchanmilne (258619) | more than 2 years ago | (#38536928)

yum install libpcap-devel

No, it's not on the RHEL6 installation media, you have to have registered the box for RHN.

(RH is really pathetic this way, lots of useful packages are left off the installation media, seems they are forcing you towards satellite, but if you don't have the bandwidth for satellite, or need to set up a box without internet access, sorry for you if you want to do something like use oscap - they give you openscap, but not openscap-utils). Oracle is better in this regard, with a public yum repo for release packages (not updates). Of course, CentOS gives you everything, as do all other community-oriented distros.

Re:Doesn't compile on OS X (1)

93 Escort Wagon (326346) | more than 2 years ago | (#38539026)

yum install libpcap-devel

Yeah, that's what I would've thought too - but it appears that package isn't in either RHEL or EPEL (for 64-bit EL6 anyway).

And yeah, the box has an honest-to-goodness subscription... as part of a campus license.

Re:Doesn't compile on OS X (1)

hcs_$reboot (1536101) | more than 2 years ago | (#38536938)

On Linux you have to install libpcap-dev (look in the Synaptic package tool).

On the Mac, you'll miss the <linux/types.h> include - not sure that's all, but if it is, you should be able to find a patch easily.

Re:Doesn't compile on OS X (1)

Mojo66 (1131579) | more than 2 years ago | (#38537916)

This project uses the Wireless Extensions Library to interact with the Wifi hardware, i.e. iwconfig and stuff, which is completely incompatible with OS X.

Re:Doesn't compile on OS X (1)

Grishnakh (216268) | more than 2 years ago | (#38539244)

On Linux, the Wireless Extensions library is deprecated. They really should be using cfg80211/nl80211 for that stuff.

Thanks (1)

hcs_$reboot (1536101) | more than 2 years ago | (#38536778)

I really didn't want to be doing any programming during new year's holiday.

What purpose? (2)

gnasher719 (869701) | more than 2 years ago | (#38536792)

Seriously, what non-malicious purpose would this tool have? Anybody who read about the vulnerability knows how it works; there is no need to have a sample attack because it is obvious how this works; having an exploit tool cannot have any legitimate uses.

Re:What purpose? (0)

Anonymous Coward | more than 2 years ago | (#38536808)

Maybe it's handy for verifying you are vulnerable?

Although I'd have to admit anyone actually using WPS probably isn't interested enough to even know such a tool exists...

Re:What purpose? (4, Interesting)

93 Escort Wagon (326346) | more than 2 years ago | (#38536818)

Maybe it's handy for verifying you are vulnerable?

Although I'd have to admit anyone actually using WPS probably isn't interested enough to even know such a tool exists...

Well, since the claim is most routers are vulnerable by default, I can see value in using this as a test tool - both against your router's current configuration and after you've supposedly disabled WPS.

And, speaking as an owner of an Apple router, I'd like to verify whether my belief that the Airport Extreme doesn't enable a PIN by default is correct.

Re:What purpose? (1)

subreality (157447) | more than 2 years ago | (#38536822)

End users and vendors alike will dismiss any threat as merely theoretical until it's actively being exploited. The real question is when to release, not if.

Re:What purpose? (4, Insightful)

jamesh (87723) | more than 2 years ago | (#38536866)

Seriously, what non-malicious purpose would this tool have? Anybody who read about the vulnerability knows how it works; there is no need to have a sample attack because it is obvious how this works; having an exploit tool cannot have any legitimate uses.

Sure it does. If a customer questions why this should be audited and fixed on their network immediately I can tell them that there is exploit code publicly available that anyone can download and use and have access to the network in 4-10 hours instead of talking about theoretical bad guys who might have obtained a theoretical exploit from somewhere. It makes it a "fix this now" problem with a known risk instead of being put off and treated as a low risk security issue and never fixed. In my case hopefully it's just a quick audit to make sure nobody else has put a WPS enabled AP onto the network, but it still needs to be done.

Maybe you don't remember Slammer/Nimda/Code Red, and a few others of that era. The exploits used were well known and patches were available for a while beforehand but a lot of people never bothered patching because of the perceived low risk and "doesn't apply to me". Ditto for a few Linux ssh and ftp exploits.

Mac version (0)

Anonymous Coward | more than 2 years ago | (#38536794)

We need a Mac OS X/Freebsd version of this tool.

Re:Mac version (1)

Anonymous Coward | more than 2 years ago | (#38536840)

It is open source! Go on and compile it yourself. If it does not work on Mac OS X then feel free to fiddle around and fix the code and submit a patch.

A year huh? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38536826)

from: http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.htm [tacnetsol.com]

This is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly we have decided to announce and release Reaver

Very nice way to make a profit there guys and ignore responsible disclosure.

Turn off WPS (1)

shione (666388) | more than 2 years ago | (#38536858)

Looks like it might be a good idea to turn off the WPS service if you can.

In my Billion 7800n I did this: http://screenshots.portforward.com/Billion/BiPAC_7800N/WPS.htm [portforward.com]

If your router doesn't allow you to do that, then in the LAN settings, block all IPs not being used by your devices.

ALL YOUR BASES ARE BELONG TO US !! (-1)

Anonymous Coward | more than 2 years ago | (#38536940)

I say, shoot all the crackers. That will solve the problem soon enough !!

shooting crackers... (0)

Anonymous Coward | more than 2 years ago | (#38537148)

Where's my DAMN ice cream???

Nerd points and internets if you follow.

Also... first thought was that shooting crackers won't matter since all the tech jobs are going to Asia.

incredible (2)

Njovich (553857) | more than 2 years ago | (#38536948)

From the product page:

"WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network."

And they thought that was a good idea to implement without even substantial rate limiting or such? What the hell were they thinking?

Re:incredible (1)

Anonymous Coward | more than 2 years ago | (#38536974)

What the hell were they thinking?

They wanted to make easy targets for law enforcement wiretapping? They wanted to let people use each other's routers for better anonymity?

Re:incredible (1)

AHuxley (892839) | more than 2 years ago | (#38537182)

The same thinking that went into the 56 bit Data Encryption Standard as being "free of any statistical or mathematical weaknesses"?
http://cryptome.org/nsa-v-all.htm [cryptome.org]
If it's crypto and many people use it - expect it to be weak, carrieriqed etc.
The real trick is getting so many very very smart people to buy into wifi and use it around the world as usable.... safe....

Re:incredible (4, Informative)

Njovich (553857) | more than 2 years ago | (#38537076)

Err, sorry, guess I was wrong, there is some rate limiting, just they have this other insanity (from el reg):
 

Eight digits should produce 100,000,000 possible combinations, and testing various routers Viehböck found it took an average of around two seconds to test each combination. So brute forcing should take several years unless the router was particularly responsive.

But the protocol used by Wi-Fi Protected Setup reports back after the first four digits have been entered, and indicates if they are right, which means they can be attacked separately. The last of the eight digits is just a checksum, so having got the first four the attacker only then has to try another 1,000 combinations (identifying the other three digits) and the entire PIN is known.

That combination means that our attacker only has to try 11,000 different combinations to find the right PIN, reducing the attack time to a couple of hours.
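The arithmetic in the quoted article, worked through from the defender's side as an added example (not part of the comment above or of the quoted article): it compares the worst-case search space of a PIN checked as a whole with one confirmed in two parts, then shows how a lockout policy changes the time to exhaust it. The 2-second attempt time is the article's figure; the lockout values (3 failures, 60 seconds) and all function names are assumptions chosen for illustration.

```python
"""Added example: search-space and lockout model for an 8-digit setup PIN."""
import math
from dataclasses import dataclass


def worst_case_guesses(digits=8, checksum=True, split_at=None):
    """Guesses needed to exhaust a numeric PIN.

    checksum: the last digit is derived from the others, so it adds no entropy.
    split_at: number of leading digits the verifier confirms on their own
              (None means the verifier only answers for the whole PIN).
    """
    free = digits - 1 if checksum else digits
    if split_at is None:
        return 10 ** free
    if not 0 < split_at < free:
        raise ValueError("split_at must fall inside the free digits")
    # Each part is searched independently, so the costs add instead of multiply.
    return 10 ** split_at + 10 ** (free - split_at)


@dataclass(frozen=True)
class Policy:
    seconds_per_attempt: float = 2.0  # average quoted in the article
    failures_before_lock: int = 0     # 0 disables lockout
    lock_seconds: float = 0.0         # hypothetical vendor setting


def exhaust_seconds(guesses, policy):
    """Worst-case wall-clock time: every guess except the last one fails."""
    total = guesses * policy.seconds_per_attempt
    if policy.failures_before_lock > 0:
        locks = (guesses - 1) // policy.failures_before_lock
        total += locks * policy.lock_seconds
    return total


def lock_seconds_needed(guesses, target_seconds,
                        seconds_per_attempt=2.0, failures_before_lock=3):
    """Smallest whole-second lock that stretches exhaustion to target_seconds."""
    locks = (guesses - 1) // failures_before_lock
    if locks == 0:
        raise ValueError("lockout never triggers for this search space")
    missing = target_seconds - guesses * seconds_per_attempt
    return max(0, math.ceil(missing / locks))


def report():
    """Hours to exhaust each design, without and with the assumed lockout."""
    designs = {
        "8 free digits, whole-PIN check": worst_case_guesses(checksum=False),
        "7 digits + checksum, whole-PIN check": worst_case_guesses(),
        "7 digits + checksum, halves confirmed": worst_case_guesses(split_at=4),
    }
    none = Policy()
    lock = Policy(failures_before_lock=3, lock_seconds=60.0)  # assumed values
    return {
        name: (n,
               round(exhaust_seconds(n, none) / 3600, 1),
               round(exhaust_seconds(n, lock) / 3600, 1))
        for name, n in designs.items()
    }


if __name__ == "__main__":
    for name, (n, plain_h, locked_h) in report().items():
        print(f"{name}: {n} guesses, {plain_h} h without lockout, "
              f"{locked_h} h with lockout")
    year = 365 * 86400
    print("lock needed for a one-year worst case:",
          lock_seconds_needed(worst_case_guesses(split_at=4), year), "s")
```

Under these assumptions a 60-second lock stretches the split design from hours to days, and stretching it to a year takes a lock of more than two hours per three failures; disabling the feature removes the exposure entirely.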

Re:incredible (1)

TheSpoom (715771) | more than 2 years ago | (#38537826)

But the protocol used by Wi-Fi Protected Setup reports back after the first four digits have been entered, and indicates if they are right, which means they can be attacked separately. The last of the eight digits is just a checksum, so having got the first four the attacker only then has to try another 1,000 combinations (identifying the other three digits) and the entire PIN is known.

Wow, that's dumb. I hope this wasn't put together by someone who considers themselves a cryptography professional.

US gov't only? (1)

wandernauta (2041244) | more than 2 years ago | (#38537060)

Tactical Network Solutions' site mentions that they only sell to "U.S. federal, state, and local government agencies". What on earth would gov't institutions do with something that's essentially the digital equivalent of a crowbar? Isn't it much easier and more ethical for governments to get a court order to get the information they want, instead of breaking into WiFi networks? What on earth is going on here?

Re:US gov't only? (1)

zefrer (729860) | more than 2 years ago | (#38537132)

What's going on is that supposedly white hat 'security' firms are actually writing cracking software for assorted governments. Meanwhile cracking software is illegal in many countries unless you happen to be the government or aforementioned 'security' firms.

Nothing to see here, move along now and so on..

Re:US gov't only? (0)

Anonymous Coward | more than 2 years ago | (#38537168)

They also want to protect themselves from crowbars, so they hire people to make crowbars so that they know what kind of anti-Gordon technology to acquire.

Re:US gov't only? (2)

geekmux (1040042) | more than 2 years ago | (#38537356)

Tactical Network Solutions' site mentions that they only sell to "U.S. federal, state, and local government agencies". What on earth would gov't institutions do with something that's essentially the digital equivalent of a crowbar? Isn't it much easier and more ethical for governments to get a court order to get the information they want, instead of breaking into WiFi networks? What on earth is going on here?

I sincerely hope you're joking with this. If you, I or anyone else only knew of the millions many three-letter agencies have spent on shit like this over the years...and in this day and age of warrantless wiretapping and eavesdropping, do you really have to wonder what any "U.S. federal, state, and local government agencies" would do with a "digital crowbar"? Please.

And remember, only Black Hats write "cracking software". White Hats offer "security affirmation solutions". There's a difference, although it's usually isolated around the price tag.

Deniability (2)

Bengie (1121981) | more than 2 years ago | (#38537124)

I wonder if people will use this as an excuse in court cases and claim they didn't do something and blame it on someone "Hacking" their network.

Re:Deniability (0)

Anonymous Coward | more than 2 years ago | (#38538286)

You say Deniability. I say Reasonable Doubt.

Wi-Fi–Hacking Neighbor From Hell Sentenced to 18 Years [wired.com]

A Minnesota hacker prosecutors described as a “depraved criminal” was handed an 18-year prison term Tuesday for unleashing a vendetta of cyberterror that turned his neighbors’ lives into a living nightmare.

Barry Ardolf, 46, repeatedly hacked into his next-door neighbors’ Wi-Fi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden.

Anyone know how this should be running? (1)

atari2600a (1892574) | more than 2 years ago | (#38537336)

I have it going in verbose mode it waits on a beacon when there's no current connection then when I have it connected to my router already it just cycles through all the channels (even the ones I legally shouldn't be able to connect to, so it's nice to know I don't have a hardware cap on that)

So it takes 4 to 10 hours.... (0)

rrossman2 (844318) | more than 2 years ago | (#38537376)

As they state (or 1-5), but correct me if I'm wrong (I've done it with WEP so I *know* I'm right on that one).... it takes less time to just crack WEP and WPA.

At least I believe so on the WPA, never did it before but I recall there being a vulnerability that made it fairly trivial to crack. Sad thing is if you drive around scanning, you'll still find a ton of people using WEP.

Basically this is no real worry if you're using WPA (or WEP even though it does apply here) because WPA is just as flawed as WPS, or maybe even more so since higher traffic = less time to crack when it comes to WPA (and WEP). So the only real concern is for those using WPA2

Re:So it takes 4 to 10 hours.... (1)

Anonymous Coward | more than 2 years ago | (#38537682)

You are *NOT* right for WPA (at least if the password is strong enough).
http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa--wpa2

Can you guess 2 4 digit numbers? (1)

sgt scrub (869860) | more than 2 years ago | (#38537708)

At first glance I thought the error was something along the line of letting the attacker know the user names so they only have to guess the password. I was mistaken. It literally helps the attacker figure out the PIN so instead of guessing 8 digits you guess two 4's.

Re:Can you guess 2 4 digit numbers? (1)

spydir31 (312329) | more than 2 years ago | (#38538866)

Worse than that, you guess 4 digits, then guess 3 (as the last digit is a checksum)

just leave the wlan unencrypted (0)

Anonymous Coward | more than 2 years ago | (#38537824)

but only accept connections to a openvpn-server. So everyone who wants to can use your AP to connect devices to each other, but only people with the right openvpn-certificates can go online.

It's All Stupid (0)

Anonymous Coward | more than 2 years ago | (#38538040)

Yes, WiFi security setup is too complicated for retail routers. No, we don't need another vulnerable or otherwise method of facilitating the security setup.

WiFi routers should have two things. A button, not easily pressed almost like the reset button, and a LCD screen. The router should, by default, generate a random WPA2 pass phrase. The button should cause a new one to be generated. The WPA pass phrase should be displayed on the LCD screen.

This way, security is on by default and the user simply has to look at the router to see the pass phrase in use. Those that are willing to do the work can perform manual configurations and even complete neophytes can fairly easily change the pass phrase by pressing a single button. But the button is sufficiently hard to press that they will not accidentally press it and "break" an existing setup. Cisco!

This way it is secure by default without the need for different protocols, setup discs, manual configuration, it just works. For those that take issue with the pass phrase being displayed on the router, there are few cases where this is a legitimate concern. And in those few cases, the risk can be mitigated by covering the LCD with tape or manually turning off the display in the configuration.

Re:It's All Stupid (2)

am 2k (217885) | more than 2 years ago | (#38538214)

Coming from embedded device development, I can tell you that adding an LCD display is waaaay too expensive for these kind of devices to be considered. It's not only the LCD display itself, you also need the controller and the software to control it.

As a contrast, in the company I worked there was a bounty on reducing the BOM price. One employee won it with a 10 cents/piece reduction by using cheaper rubber material for the printer unit's paper transport system. The result was that the device was completely unusable (I had one of them on my workplace there), you had to supply the sheets manually one by one so it didn't mess up. But hey, it was 10 cents cheaper, so they went right ahead.

Re:It's All Stupid (0)

Anonymous Coward | more than 2 years ago | (#38538546)

I disagree. LCD screens are cheap, though more than ten cents. Some manufacturers already have LCDs on the devices, but they use the screens to display useless stats("but it looks cool"). The software is trivial and widely available. Most of these devices already use Linux anyway.

What's the cost of implementing a totally new protocol and then having to reissue firmware because the protocol has been compromised?

Re:It's All Stupid (1)

gl4ss (559668) | more than 2 years ago | (#38539340)

I disagree. LCD screens are cheap, though more than ten cents. Some manufacturers already have LCDs on the devices, but they use the screens to display useless stats("but it looks cool"). The software is trivial and widely available. Most of these devices already use Linux anyway.

What's the cost of implementing a totally new protocol and then having to reissue firmware because the protocol has been compromised?

cost? you mean profit. the cost is on the consumer, not on the company.

My AP is too old.. (1)

Junta (36770) | more than 2 years ago | (#38538868)

My AP predates WPS, but after reading about it, I can't believe they designed it as an ongoing capability. Once used, it should have defaulted to disabling it until some factory reset button was pressed to resurrect it. When I first heard of it, I thought it would simply be an improvement over the old days of unprotected wifi to start, but clearly they messed up..
