New Security Breach Affecting Wireless Access Points

[SIZE="3"]
My name is Mike Adams. I am an EnCase Certified Digital Forensics Examiner and a reporter for an online news and information organization named Examiner.com

A few days ago I received notice of a security breach affecting Wireless Access Points using WPS security protocols. The noticed was from U.S. C.E.R.T. - The U.S. Cyber Emergency Response Team, a division of U.S Homeland Security. The notice went on to detail that any Wireless Access Point can be breached in as little as four to ten hours by monitoring the network traffic which will allow the 8 digit PIN to be cracked which in turn allows the security pass phrase to be cracked. Once that pass phrase is cracked, the network is yours to exploit. My brief article follows. Read on for more details.


This is an extraordinary announcement brought to you by Examiner.com concerning the security of WiFi systems everywhere. The “US – C.E.R.T.” - United States Computer Emergency Readiness Team - a division of the US Dept. of Homeland Security, has released an urgent technical alert informing the public of a newly discovered security fault in WiFi systems using WiFi Protected Setup. This alert states that any system with a WAP (Wireless Access Point*) utilizing WPS (WiFi Protected Setup) is now at risk of being breached. The design flaw intrinsic to WAPs is wide-ranging and places sensitive data in looming jeopardy.

WPS was developed by the WiFi Alliance to provide a basic configuration procedure for WAPs, and devices ‘talking’ to the WAPs, by using a PIN (Personal Identification Number). Later additions to the network would also be facilitated by using the PIN. Now it has been discovered that an attacker, within radio range of your WAP, can use easily available software to gain access to your network within only 4 to 10 hours.

While not every WAP uses WPS many do.

Do you remember being instructed to create a PIN during your WAP configuration? If so you used WPS and are now in danger.
Remember that the attacker must be within radio range of your system. Moreover, think about the data traveling through your network. If your data could greatly profit others then you are a high priority target. Otherwise, if you are only surfing the Internet, exchanging e-mails about dinner, and discussing Aunt Sally's cold, then you are a lower priority target. Either way you still need to terminate any online sessions that involve money or credit cards.

What can you do? With some WAPs it is possible to disable WPS or configure the WAP without a PIN. If you are at ease with this then do it. Further, most WAPs provide a firmware update option in the configuration menu. If you are at ease with that procedure do it. All users should note the make and model of their WAP, go to the manufacturer’s website, and look for additional directions. If they are not yet available keep trying.

Check the following URLs for important information. As always note your questions and remarks in the comments section. I will drop by and respond as quickly as possible.

• WAPs are Wireless Routers, Wireless Printer Ports, Wireless Signal Extenders, and other devices that commonly transmit and receive wireless data.

• Technical Alert @ http://www.us-cert.gov/cas/techalerts/TA12-006A.html

• Vulnerability Note @ http://www.kb.cert.org/vuls/id/723755 (IMPORTANT - Be sure to note the Vendor Information section)

• Search for a Google spreadsheet called “WPS Vulnerability Testing”

Mike Adams - Prime Focus Forensics, Central Texas.
[/SIZE]