Wi-Fi Protected Setup is a security risk

Wi-Fi security

Using Wi-Fi to connect to the Internet is certainly handy.

However, it’s very important to make sure that the connection is secure.

Here are a few reminders to prevent someone from cracking your connection and getting into your network:

  • use WPA2 (WEP can be broken in a few seconds)
  • use a long password (to make attacks harder)
  • don’t use a standard SSID (to prevent precomputed attacks)

So to be secure, each of your guests would have to enter a long password on their smartphone or tablet, which can be seen as inconvenient …

WPS

To make it easier, Wi-Fi Protected Setup (WPS) was introduced.

There are two different ways to connect to a WPS-enabled router:

  • push a special button on the router
  • enter a PIN that is written on the label on the back of the router

So what could go wrong?
The PIN is not visible from outside, and the button is not reachable. Everything seems fine.

Weaknesses

the PIN is not so strong

First, the PIN looks like 8 characters, but it is actually made of two independent parts that are checked one after the other: so you only have to find the first part, then the second one. This makes attacks much faster.
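Added example (not code from the original post) of why checking the PIN in two parts matters so much. The check-digit rule is the one from the WPS specification (the 8th digit is a check digit computed over the first 7, which is why the well-known default PIN 12345670 is valid); the "verification policy" model, where each chunk of free digits is confirmed independently, is a simplification written for this illustration.

```python
# Added example: search-space cost of verifying a WPS PIN as a whole versus
# in two independently confirmed parts (not the original post's code).

def wps_check_digit(first_seven):
    """Check digit that completes a 7-digit WPS PIN prefix (WPS spec rule:
    digits 1,3,5,7 are weighted 3, digits 2,4,6 weighted 1, sum must be 0 mod 10)."""
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly 7 decimal digits")
    digits = [int(c) for c in first_seven]
    total = 3 * sum(digits[0::2]) + sum(digits[1::2])
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin):
    """True when an 8-digit PIN, as printed on a router label, has a correct check digit."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_check_digit(pin[:7])


def worst_case_attempts(chunks):
    """Worst-case number of verification attempts when the registrar confirms each
    chunk of free digits independently (a simplified model of the protocol).

    Confirming chunks one after the other means their costs ADD; confirming the
    whole PIN at once means they MULTIPLY. `chunks` lists the free digits per chunk.
    """
    return sum(10 ** n for n in chunks)


def split_verification_speedup():
    """How many times cheaper the two-part check is than a whole-PIN check.

    Whole PIN: 7 free digits (the check digit is derived)   -> one chunk of 7.
    WPS-style: first part 4 digits, second part 3 free digits + derived check digit.
    """
    whole = worst_case_attempts([7])
    split = worst_case_attempts([4, 3])
    return whole // split


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("whole-PIN worst case:", worst_case_attempts([7]))
    print("two-part worst case :", worst_case_attempts([4, 3]))
    print("speedup factor      :", split_verification_speedup())
```

The lesson generalises beyond WPS: any secret that the verifier confirms piece by piece (a PIN checked in halves, a password compared byte by byte with early exit) is only as strong as its largest piece, so a verifier must accept or reject the credential as one unit.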

the PIN is not always random

Most implementations don’t strictly follow the standard: to prevent the WPS PIN from being easily guessed, it should be entirely random. However, to simplify manufacturing, it is often derived from the MAC address, which is visible to anyone nearby. Many of these derivation algorithms have been identified, so an attacker only needs to come within connection range of your router, read its MAC address, run a script to compute the WPS PIN, and that’s it!

Randomness is hard

Another important part of the WPS protocol is that the communicating devices have to exchange random numbers. Sadly, producing good random numbers is not trivial, especially on cheap devices.

[Image: a die with two '1' faces]

If the router internally behaves like a die whose faces are not all different, or like a die that can never give the same number twice in a row, then this can be abused:

  1. know how the random numbers are generated
  2. grab the initial random numbers exchanged during the communication
  3. determine the next numbers that will be generated
  4. generate the next internal values and connect to the Wi-Fi, even though the WPS PIN is unknown!

This attack is very strong, as it requires no brute force at all: just connect on the first try.
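Added example (not from the original post) of the "bad die" idea in code: a toy nonce source built on a linear congruential generator, the kind of simple arithmetic generator a cheap device might use, beside one built on the operating system's CSPRNG. Seeing a single output of the weak generator is enough to compute the next one, which is exactly steps 2 and 3 above; the LCG constants used here are the classic Numerical Recipes values and are an assumption for the demonstration, not a specific router's generator.

```python
# Added example: predictable versus unpredictable nonce generation
# (illustration only; not any router's real generator).
import secrets


class WeakNonceSource:
    """Toy linear congruential generator: next = (A*state + C) mod M.

    Every output IS the internal state, so anyone who observes one nonce
    can run the same arithmetic and obtain every following nonce.
    """
    A, C, M = 1664525, 1013904223, 2 ** 32  # assumed public constants

    def __init__(self, seed):
        self.state = seed % self.M

    def next_nonce(self):
        self.state = (self.A * self.state + self.C) % self.M
        return self.state


class StrongNonceSource:
    """Nonces drawn from the OS CSPRNG: past outputs reveal nothing about future ones."""

    def next_nonce(self):
        return secrets.randbits(32)


def predict_next_nonce(observed):
    """What an observer does after capturing one WeakNonceSource output:
    apply the public recurrence once to get the nonce the device will use next."""
    return (WeakNonceSource.A * observed + WeakNonceSource.C) % WeakNonceSource.M


def nonce_is_predictable(source):
    """Capture one nonce, predict the next, then compare with what the source emits."""
    first = source.next_nonce()
    guess = predict_next_nonce(first)
    return guess == source.next_nonce()


if __name__ == "__main__":
    print("weak generator predictable  :", nonce_is_predictable(WeakNonceSource(seed=2014)))
    print("strong generator predictable:", nonce_is_predictable(StrongNonceSource()))
```

The fix on the device side is the same as in the example: nonces must come from a cryptographically secure generator seeded with real entropy, never from a counter, a timestamp, or an arithmetic recurrence whose state is exposed in the output.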

Luckily, it depends on the router model.
Sadly, many routers from different brands use internally the same vulnerable system.

Conclusion

Wi-Fi Protected Setup is a security risk – disable it now (if you can)!

For more details, check Dominique Bongard’s presentation.
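Added example (not part of the original post) for checking the advice above from the client side: after disabling WPS in the router's settings, a scan from a Linux laptop should no longer show a WPS information element for your network. The parser below reads the text layout of `iw dev <iface> scan`; the sample scan embedded in it is constructed for this example (BSSIDs, SSIDs and values are made up).

```python
# Added example: list access points that advertise WPS, from `iw` scan output.
import re
import sys

# Constructed sample in the layout printed by `iw dev wlan0 scan` (made-up values).
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
\tfreq: 2437
\tsignal: -48.00 dBm
\tSSID: home-net
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, PBC
BSS 66:77:88:99:aa:bb(on wlan0)
\tfreq: 5180
\tsignal: -60.00 dBm
\tSSID: office
\tRSN:\t * Version: 1
BSS cc:dd:ee:ff:00:11(on wlan0)
\tfreq: 2412
\tSSID: cafe
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 1 (Unconfigured)
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")
SSID_RE = re.compile(r"^\s*SSID: (.*)$")
WPS_STATE_RE = re.compile(r"Wi-Fi Protected Setup State: (\d+)")


def parse_scan(text):
    """Return one dict per BSS: bssid, ssid, whether a WPS element is present,
    and the WPS state value (1 = Unconfigured, 2 = Configured) when printed."""
    networks = []
    current = None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            current = {"bssid": m.group(1).lower(), "ssid": "", "wps": False, "wps_state": None}
            networks.append(current)
            continue
        if current is None:
            continue  # header lines before the first BSS block
        m = SSID_RE.match(line)
        if m:
            current["ssid"] = m.group(1)
            continue
        if "WPS:" in line:
            current["wps"] = True  # the WPS information element is being advertised
        m = WPS_STATE_RE.search(line)
        if m:
            current["wps_state"] = int(m.group(1))
    return networks


def wps_advertising(networks):
    """SSIDs whose beacons carry a WPS element at all (configured or not)."""
    return [n["ssid"] for n in networks if n["wps"]]


if __name__ == "__main__":
    # Usage: sudo iw dev wlan0 scan | python3 this_script.py   (or no stdin: uses the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SCAN
    for net in parse_scan(text):
        flag = "WPS advertised" if net["wps"] else "no WPS element"
        print(f"{net['bssid']}  {net['ssid']!r:20} {flag} (state={net['wps_state']})")
```

A network that still appears in `wps_advertising` after you switched WPS off has not actually applied the setting, so re-check the router configuration (and consider a firmware update) before trusting it.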
