July 24, 2014

Wi-Fi Protected Setup Vulnerable to Brute Force Attack

(LiveHacking.Com) – Security researcher Stefan Viehböck has revealed a design and implementation flaw in Wi-Fi Protected Setup (WPS) that that makes Wi-Fi networks vulnerable to brute-force attacks.  US CERT has issued an advisory which suggests disabling WPS. The WPS specification has three methods of simplifying the connection of wireless devices to WPA2 protected access points. One of those methods involves using an eight digit PIN from a label on the router which authorizes the client to obtain the WPA2 configuration details.

An eight digit pin should have 100,000,000 different combinations, however a design flaw means that one of the digits is just a checksum and so reduces the possibilites down to 10,000,000. However the real weakness is that the protocol is designed in such a way that the first half and second half are sent separately and the protocol will confirm if just that half is correct. This reduces the number of PIN possibilities to 10,000 (4 digits) plus 1,000 (3 digits as checksum can be calculated) which is just 11,000 possibilities.

According to Viehböck  this means that some routers, which don’t employ any mechanisms to slow down brute force attacks, can be cracked within 44 hours. More information about this vulnerability can be found in Stefan’s paper: Brute forcing Wi-Fi Protected Setup. He has also released a PoC Brute Force Tool that can be found here.

Note: This vulnerability was also independently discovered by Craig Heffner (/dev/ttyS0Tactical Network Solutions) who has released a tool called “Reaver” on Google Code.

Top 10 Passcodes to Avoid Using on Your iPhone

Daniel Amitay, the developer of Big Brother Camera Security, added some code his app to anonymously record common user passcodes and the results are quite interesting. The app collected 204,508 passcodes and Daniel discovered that 10 common passcodes were used in over 15% of the cases. This means that you have a greater than 1 in 10 chance of breaking into someones cell phone by just trying the ten most common passcodes listed below.

  1. 1234 – 8,884 uses or 4.34%
  2. 0000 – 5, 246 or 2.5%
  3. 2580 – 4,753
  4. 1111 – 3,262
  5. 5555 – 1,774
  6. 5683 – 1,425
  7. 0852 – 1,221
  8. 2222 – 1,139
  9. 1212 – 944
  10. 1998 – 822

As expected, 1234 is the most common passcode and the other passcodes follow typical formulas, such as four identical digits (0000,1111,5555,2222) or moving in a line up or down the pad (2580 & 0852). 5683 isn’t instantly clear, but if you look carefully at the letters on the numbers you will see it spells “love”.

In 2010 Imperva released a study analyzing 32 million passwords and found that the 10 most commonly used passwords for computers and Internet accounts were:

  • 123456
  • 12345
  • 123456789
  • Password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123