Wi-Fi Protected Setup easily unlocked by security flaw
Couple of hours of brute force will crack a network's PIN
Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice.
Wi-Fi Protected Setup (WPS) is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. One mode of use allows a device to connect by just presenting that PIN, opening the way for a client to just try every available PIN. Worse still, the protocol splits the PIN into two halves which reduces the attack time to a couple of hours.
Eight digits should produce 100,000,000 possible combinations, and testing various routers Viehböck found it took an average of around two seconds to test each combination. So brute forcing should take several years unless the router was particularly responsive.
But the protocol used by Wi-Fi Protected Setup reports back after the first four digits have been entered, and indicates if they are right, which means they can be attacked separately. The last of the eight digits is just a checksum, so having got the first four the attacker only then has to try another 1,000 combinations (identifying the other three digits) and the entire PIN is known.
That combination means that our attacker only has to try 11,000 different combinations to find the right PIN, reducing the attack time to a couple of hours.
In documented tests (PDF, surprisingly understandable) Viehböck found that of all the routers he tried only the one from Netgear had any sensible response to being repeatedly presented with incorrect PINs, slowing its responses to mitigate against the attack, but with only 11,000 combinations to try that only extended the attack time to a day or so.
Most services will start to slow up when incorrect credentials are presented repeatedly, but it seems router manufacturers have relied on the huge number of possible PINs to keep them safe. Hopefully that means a simple software fix, but until then the US-Cert is recommending that WPS be switched off, and going back to the MAC Address white list. ®
For the mathematically curious...
...here's a (very simplistic) visualisation of how researchers arrived at the "10^4 + 10^3 = 11,000 attempts" figure:
First off, you send PIN association packets to the Wi-Fi router, starting with
-- -- "0000 0000" (space added between quads for clarity)
and increment the upper quad by one, like so:
-- -- "0000 0000"
-- -- "0001 0000"
-- -- "0002 0000"
-- -- "0003 0000"
Each time the "probe PIN" is sent, the router replies with a message that tells the device if the upper quad (the first four digits) is incorrect. Since the upper quad is four digits long, you only need to send at most ten thousand (10^4) "probe PINs" -- from "0000 0000" to "9999 0000" -- to determine what the first four digits of the real PIN actually are.
For purposes of this discussion, we will say the correct upper quad is "4976." This presumably took us 4,977 guesses, if we started at "0000 0000," and tested the upper quad sequentially.
Once you know the first four digits, you only need to guess the first three digits of the lower quad -- from "000" to "999," or one thousand (10^3) combinations -- to find the rest of the PIN. The last digit is deterministic, since it's calculated mathematically from the first seven digits, and used as a checksum:
-- -- "4976 000[checksum]"
-- -- "4976 001[checksum]"
-- -- "4976 002[checksum]"
-- -- "4976 003[checksum]"
Again, for purposes of discussion, we'll presume that the correct first three digits of the lower quad are "387," with the calculated checksum appended at the end.
Thus, given an upper quad of "4976" and a correct lower quad of "387[checksum]," we should be able to find our association PIN in
-- -- 4,977 + 388 = 5,365
Never recommend security practices that don't provide real benefit. Your MAC address can be obtained by packet sniffing, being an unecrypted part of the data. The attacker can spoof an address on the whitelist.
A whitelist makes the wireless network harder for legitimate users (e.g. visitors) to connect, but is no real obstacle to a hacker. Creating a false sense of security can lead to complacency that actually reduces real security.
Oh FFS, that's terrible..
I'd always assumed WPS was broken security and disabled it wherever I find it, reasoning my long pass phrases (a whole sentence in most cases) would be far more secure and I can remember them in my head.
But this is even worse than I could have imagined! Some Kudos to Netgear for seeming to realise the vulnerability but surely after even 20+ incorrect pins in quick succession it should be blindingly obvious a brute force attack is in progress and the feature disabled for a while at least... This is some king-size fail, it's like it's 1999 and we're all using WEP again!
Worth noting that however many guesses calculated here is the maximum required, luckier tries could crack in a much shorter time.