Page 1 of 3 123 LastLast
Results 1 to 15 of 43
  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    719
    Thanks
    11
    Thanked 71 Times in 56 Posts

    Putting Wi-Fi router's security to the test




    TOP STORY

    Putting Wi-Fi router's security to the test


    By Fred Langa

    If your Wi-Fi router supports Wi-Fi Protected Setup (WPS) — and most newer home/small-business routers do — it might easily reveal its passwords to a readily available hacking tool.
    You can use that tool to be 100 percent certain your router isn't vulnerable to malicious WPS hacking. Here's how.

    The full text of this column is posted at windowssecrets.com/top-story/putting-wi-fi-router-s-security-to-the-test (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,828
    Thanks
    88
    Thanked 347 Times in 312 Posts
    Quote Originally Posted by Kathleen Atkins View Post
    Surprise! Broken link again.

    Would it be an idea not to use titles which contain apostrophes, as that breaks links every month?

    Bruce

  3. #3
    New Lounger
    Join Date
    Aug 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    We are kidding ?

    Good gravy...if testing for WPS sensitivity and the possibility of insecure passwords, can this Linux process be made any more complex, extravagant or time-consuming ?

    Regardless of how needed or extensive this Linux app may be...

    Surely this tool or its inner testing code can be had as a native Windows or Mac application, even if it's a boot-able app ?

    Joe

  4. #4
    3 Star Lounger
    Join Date
    Nov 2007
    Location
    Baerum, Norway
    Posts
    250
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Can't believe that anyone would widely broadcast this kind of information. Yes, it may help a few to lock up their router security but its my bet that it will open the gateway for others with less honest intents to 'give it a go' ...
    Surely machine gunning is not the wise way to approach sensitive material and as for the comment ... Please don't use Reaver for any purpose other than testing your own router's security! ... ​what an open invitation!

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Montreal, Quebec, Canada
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Would anyone in their right mind ever try to follow that ridiculously complicated route? I stopped reading about half-way through and thought "NO WAY"

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Houston, TX
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There is no mention of WPA2 (personal). Please advise how the use of this rather than just WPA will or will not prevent hacking.

    Russ

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    WPA2 supports a different encryption algorithm, AES, not supported by WPA. If you use WPA2, you are ok (generically speaking). You won't be immune to the WPS hack, though.
    Last edited by ruirib; 2012-12-20 at 16:40. Reason: Clarify the meaning of my statement

  8. The Following User Says Thank You to ruirib For This Useful Post:

    Dick-Y (2012-12-20)

  9. #8
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,828
    Thanks
    88
    Thanked 347 Times in 312 Posts
    Quote Originally Posted by ruirib View Post
    WPA2 supports a different encryption algorithm, AES, not supported by WPA.
    But what has that got to do with WPS and the topic of the article?


    Quote Originally Posted by ruirib View Post
    If you use WPA2, you are ok.
    The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key.
    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

    A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup, allows WPA and WPA2 security to be bypassed and effectively broken in many situations.
    WPA and WPA2 security implemented without using the Wi-Fi Protected Setup feature are unaffected by the security vulnerability.

    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access


    Bruce
    Last edited by BruceR; 2012-12-20 at 15:05.

  10. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by BruceR View Post
    But what has that got to do with WPS and the topic of the article?

    The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key.
    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

    A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup, allows WPA and WPA2 security to be bypassed and effectively broken in many situations.
    WPA and WPA2 security implemented without using the Wi-Fi Protected Setup feature are unaffected by the security vulnerability.

    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

    Bruce
    I didn't mean to imply that the use of WPA2 would prevent the WPS flaw, because it does not. I understood the question in a different way, since it was clear to me that the WPS security fault did not depend on the encryption used - you don't need to know anything about the encryption used or the password used, to add a device using WPS!
    I saw the question as a generic one, but it's clear now that I should have seen it in terms of the WPS vulnerability.

    I have now clarified my statement.

  11. #10
    Star Lounger
    Join Date
    Dec 2009
    Posts
    71
    Thanks
    1
    Thanked 1 Time in 1 Post
    Fred Langa says:
    Fortunately, there's an easy shortcut: run Reaver via a preconfigured, live Linux installation on a bootable DVD. There's almost no setup or configuration involved; no partitioning, reformatting, or any similar operations; and your original Windows setup remains untouched and unchanged.
    But then also says:
    To download and install Reaver — and to do your test-hacking later — you need to open a Linux command-line Terminal window.
    If Reaver must be installed, how can my Windows setup remain untouched?

  12. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by tb75252 View Post
    Fred Langa says:
    But then also says:

    If Reaver must be installed, how can my Windows setup remain untouched?
    You will install it in the Linux OS, that you will have booted from the DVD, so your Windows will remain untouched.

  13. #12
    New Lounger
    Join Date
    Dec 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    BackTrack Can't Find Wireless Networks

    Even though my SSID is being broadcast BT5 can't find it. Even if I search for hidden networks and input SSID it still cant find it. Guess it's having trouble finding/using my wireless card. I'm using an Alienware M18XR2. Any suggestions?

    Great article BTW. Have used Gibson Research for years to "attack" my home network.

  14. #13
    New Lounger
    Join Date
    May 2011
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts

    So now what next?

    OK then, being a network neophyte I disabled WPS on my Belkin G router, leaving WPA/WPA2 PSK active.
    Now my Smartphone doesn't connect, so what good is my WiFi system? How can I make it secure and useful without buying a new router?
    Thanks for any help.

  15. #14
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by mapletrail View Post
    OK then, being a network neophyte I disabled WPS on my Belkin G router, leaving WPA/WPA2 PSK active.
    Now my Smartphone doesn't connect, so what good is my WiFi system? How can I make it secure and useful without buying a new router?
    Thanks for any help.
    Disabling WPS should not affect the ability of your smartphone to connect to the router in any way. What else have you changed?

  16. #15
    New Lounger
    Join Date
    May 2011
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Hi ruirib –
    All I am doing on the router web page is selecting ENABLED or DISABLED for WPS without changing anything else.
    When Disabled, the Motorola Bravo sees my routers name but is unable to connect to the internet. When WPS is again enabled, all works as expected. Admittedly, I am not too familiar with the other router settings.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •