Why you should always turn off WPS on your wireless network.

Many people run wireless networks with WPS turned on. WPS lets a user enter a PIN or press a button to allow a new device to connect. But this approach falls easily to brute-force attacks unless the router has rate limiting enabled, which slows down PIN guessing, and even rate limiting can be bypassed temporarily. Using something like wifite on Linux to run a WPS Pixie Dust attack is the most effective way to attack a wireless network with this feature enabled; it can allow a malicious user to crack the WiFi in one minute. Here is an example using Reaver against vulnerable WiFi networks with WPS enabled. Kali Linux 2.0 ships the wifite WiFi cracking software, which supports this attack and makes compromising a wireless network very easy. Another attack vector is that someone who has successfully got into a wireless network can reach the router configuration by visiting its IP address, which is usually 10.1.1.1 or 192.168.1.1. If there is a password, it can be looked up on the Internet: it is easy to find out what brand the router is, and the default passwords for Netgear, D-Link and Belkin modem-routers are published.

Look this up here: http://www.routerpasswords.com/. It is also important to regularly update the firmware on your modem-router; this helps a bit in preventing security issues.

Cracking a WiFi network with wifite.

The above screenshot shows an attack against a WiFi network secured with WPA2. The wireless PSK was: a1b2c3d4e5 and the WPS PIN was: 45492921. The WPS Pixie attack allowed me to crack the WiFi network and get the PSK without a wordlist or rainbow tables. This is the easy way to gain access to a remote network. This article mentions the use of Reaver to crack a wireless WPS PIN, but as mentioned earlier in this post, if rate limiting is enabled, as it is on my AP, then that attack is greatly slowed. This is why so many infosec guys make a living penetration testing networks: so many of them are insecure, and users keep default username/password combinations like ‘admin admin’ because they could not be bothered changing the default passwords. But this is just one attack vector on a home or business network. Opening ports on an Internet-facing IP address is another bad idea; anything exposed that way must be secured. It is not always necessary to open the default ports. A service like OpenVPN can be run on port 443, where it looks just like normal HTTPS traffic, so the connection can be made through a normal firewall without having to open other ports.
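As an added check (example code written for this post, not part of the original article or of the wifite and Reaver projects): a small Python parser for `iw dev wlan0 scan` output that flags every access point still advertising WPS, so you can confirm your own router actually stopped advertising it after you turned the feature off. The scan text below is constructed, and the field names it matches (`WPS:`, `AP setup locked`) are assumed from iw's usual output format; a locked AP is the rate-limiting state mentioned above, which only slows PIN guessing rather than preventing it.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output, trimmed to the fields used below.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, Display, PBC
BSS 66:77:88:99:aa:bb(on wlan0)
\tSSID: OfficeNet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
BSS cc:dd:ee:ff:00:11(on wlan0)
\tSSID: GuestNet
\tWPS:\t * Version: 1.0
\t\t * AP setup locked: 0x01
\t\t * Config methods: PBC
"""

def parse_iw_scan(text):
    """One dict per BSS: ssid, whether a WPS IE is advertised, and the AP-setup-locked flag."""
    aps = []
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:  # new BSS block; the indented lines that follow belong to it
            aps.append({"bssid": m.group(1), "ssid": "", "wps": False, "locked": False})
        elif aps:
            s = line.strip()
            if s.startswith("SSID: "):
                aps[-1]["ssid"] = s[6:]
            elif s.startswith("WPS:"):  # any WPS block means WPS is enabled on the AP
                aps[-1]["wps"] = True
            elif s.startswith("* AP setup locked:"):  # 0x01 = PIN attempts currently locked out
                aps[-1]["locked"] = s.split(":")[1].strip() != "0x00"
    return aps

def wps_findings(aps):
    """(ssid, state) for each AP still advertising WPS. 'locked' only slows PIN guessing; disable WPS."""
    return [(ap["ssid"], "locked" if ap["locked"] else "open") for ap in aps if ap["wps"]]

if __name__ == "__main__":
    for ssid, state in wps_findings(parse_iw_scan(SAMPLE_SCAN)):
        print(f"{ssid}: WPS advertised ({state}) - turn WPS off in the router admin page")
```

Feed it the real output with `sudo iw dev wlan0 scan > scan.txt` and call `parse_iw_scan(open("scan.txt").read())`; your own SSID should no longer appear in the findings once WPS is disabled.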
