Offline attack shows Wi-Fi routers still vulnerable
A researcher has refined an attack on wireless routers with poorly implemented versions of Wi-Fi Protected Setup, allowing someone to quickly gain access to a router’s network.
The attack exploits weak randomization, or the lack of randomization, in a key used to authenticate hardware PINs on some implementations of Wi-Fi Protected Setup, allowing anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than guessing the numerical password by brute force, the new attack circumvents defenses instituted by companies.
While previous attacks require up to 11,000 guesses—a relatively small number—and approximately four hours to find the correct PIN to access the router’s WPS functionality, the new attack only requires a single guess and a series of offline calculations, according to Dominique Bongard, reverse engineer and founder of 0xcite, a Swiss security firm.
“It takes one second,” he said. “It’s nothing. Bang. Done.”
The problem affects the implementations provided by two chipset manufacturers, Broadcom and a second vendor whom Bongard asked not to be named until they have had a chance to remediate the problem. Broadcom did not provide a comment to Ars.
Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom’s reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.
The Wi-Fi Alliance could not confirm whether the products impacted by the attack were certified, according to spokeswoman Carol Carrubba.
“A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices,” she said in a statement. “It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings.”
The research, originally demonstrated at the Black Hat security conference in early August, builds on previous work published by Stefan Viehböck in late 2011. Viehböck found a number of design flaws in Wi-Fi Protected Setup, but most significantly, he found that the PIN needed to complete the setup of a wireless router could be broken into smaller parts and each part attacked separately. By breaking down the key, the number of attempts an attacker would need before finding the key shrank from an untenable 100 million down to a paltry 11,000—a significant flaw for any access-control technology.
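The arithmetic behind the drop from 100 million to 11,000, as an added example that is not part of the original article: a local Python model (no network or device access) of a verifier that confirms each PIN half separately. The SplitVerifier class and the sample PINs are constructed for illustration, and the check digit in the last position, which leaves only 1,000 candidates for the second half, comes from the WPS specification rather than from this article.

```python
# Added example: local model only, no network or device interaction.

def wps_checksum(first7: int) -> int:
    """Check digit over the first seven PIN digits (weights 3,1,3,1,...)."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10

def make_pin(first7: int) -> str:
    """Build an eight-digit PIN: seven free digits plus the check digit."""
    return f"{first7:07d}{wps_checksum(first7)}"

class SplitVerifier:
    """Hypothetical verifier that confirms each PIN half separately."""
    def __init__(self, pin: str):
        self.pin = pin
    def first_half_ok(self, guess: str) -> bool:
        return guess == self.pin[:4]
    def second_half_ok(self, guess: str) -> bool:
        return guess == self.pin[4:]

def guesses_needed(verifier: SplitVerifier) -> int:
    """Count attempts when the halves are tested independently, in numeric order."""
    attempts = 0
    for a in range(10**4):              # first half: 10,000 candidates
        attempts += 1
        if verifier.first_half_ok(f"{a:04d}"):
            first = a
            break
    for b in range(10**3):              # second half: last digit is fixed by the checksum
        attempts += 1
        first7 = first * 1000 + b
        if verifier.second_half_ok(f"{b:03d}{wps_checksum(first7)}"):
            return attempts
    raise ValueError("PIN does not carry a valid check digit")

NOMINAL_SPACE = 10**8                   # eight digits verified as a single value
SPLIT_WORST_CASE = 10**4 + 10**3        # halves verified separately: 11,000

if __name__ == "__main__":
    worst = make_pin(9999999)           # constructed sample PIN, worst case for this ordering
    print(worst, guesses_needed(SplitVerifier(worst)), NOMINAL_SPACE)
```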
Viehböck was not the only researcher to notice the flaws in the technology. Independently, Craig Heffner of Tactical Network Solutions discovered the issue and created a tool, Reaver, to use brute-force guessing of all 11,000 combinations to find the PIN. Ars Technica used the tool to confirm the original issue.
Bongard’s updated attack exploits the lack of randomization in the nonce, a number used to create the pseudo-random inputs to calculate the keys.