Tuesday, 10 January 2012

Cracking WPA/WPA2 easily using WPS Vulnerability

Just when you thought that WPA/WPA2 would be secure by setting a long enough password that is not a dictionary word, there is a vulnerability that has been exploited to crack the WPA/WPA2 key. Well to be exact the vulnerability is in the WPS (WiFi Protected Setup).  It is a bruteforce vulnerability to find the PIN for the WiFi Protected Setup. Since, once the PIN is cracker, the WPA/WPA2 key can be recovered.

It was discovered by Stefan Viehböck. Here's his excellent paper on the vulnerability :-  http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

Anatomy of the WPS PIN BruteForce Attack Vulnerability :-

WPS was designed by the Wi-Fi Alliance in 2007, to enable users with little knowledge of traditional WiFi technology to configure WiFi networks. Various vendors have adopted this technology to make their products WiFi CERTIFIED for the WPS.

As intended to be, the WPS is not so secure and consist of some design and implementation flaws.

Part 1 :

For authentication, the WPS supported APs ask for a PIN that is mentioned on the back side of the router. Or else you also have the option of pressing a button on the router to connect and configure the device. Both of these require physical access of the device.

It is the same when an external user (who is not connected with the device) tries to configure it, the user just has to supply the PIN mentioned on the back of the device. The AP then supplies the external user with the WPA/WPA2 key. 

Configuration screen to access the AP through WPS :-



Form to enter the PIN mentioned on the back of the AP device :-




WPS PIN is mentioned on the backside of the AP device :-


 

Part 2 :

The vulnerability lies in the fact that an external user can bruteforce on the PIN number to connect to the AP, since there is no more layers of authentication apart from the PIN. Although, some devices support lockout after particular number of failed attempts, it is usually just for a short duration.


Part 3 :

The 8 bit PIN is divided into 2 parts as follows :-

 





Whenever the WPS authentication fails at any point, the AP will respond with an EAP-NACK message. The point at which the EAP-NACK message is received, determines if the 1st or 2nd part of the PIN is incorrect. This way the authentication attempts required are reduced from 10^8 (=100.000.000) to 10^3 (=11000)

Here is the flowchart for the BruteForce Methodology (courtesy Stefan Viehböck) :-  





Part 4 :

Time duration required :- Apparently, each authentication requires between 0.5 to 3 seconds to complete. So, if there is no blocking mechanism from the AP, at 1.3 seconds/attempt, we can try all possible PIN combinations in less than 4 hours.


Part 5 :

Mitigation :-
The best solution is to deactivate the WPS funtionality in your AP, although this may not always be possible.

This requires the vendors to implement sufficient lockout periods from the AP. Unfortunately, this would require a updating the firmware, not a very viable solution, so most APs would remain vulnerable to these attack.

No comments:

Post a Comment