WiFi threat: Attention ATS wireless users

posted on Dec, 29 2011 @ 08:15 PM
This is difficult to post because the specific details could be a violation of the T&C. Given how pervasive wireless is today and the tendency by many to use this easy set-up method, I simply wanted to raise awareness. I will not provide specifics on the attack, but it does work.
Mods, please move this thread if needed, but hopefully the message gets out.

There is word in the security community that the commonly used WPS (Wi-Fi Protected Setup) is vulnerable to brute force attacks. The 8-digit random PIN associated with WPS can be breached in about 10 hours.

WPS Details

Why does this matter? The concern here is that even if you have the recommended WPA/WPA2 secured access in place, if WPS is enabled and successfully compromised, your WPA/WPA2 passphrase is at risk. This is not to be confused with the already widely known vulnerabilities associated with WEP.

At the very least disable this feature in your wireless router (if possible). Also check with your vendor for latest firmware and recommendations.

brill
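An added example (not code from this thread) showing the check a defender can run against their own access point: parse the beacon's tagged information elements and report whether a WPS (WSC) element is advertised, which is the sign that the setup method the OP warns about is still switched on. The beacon bytes below are constructed for the demo, not captured; the attribute IDs are the ones defined in the Wi-Fi Simple Configuration spec.

```python
import struct

WPS_OUI = b"\x00\x50\xf2"      # OUI carried in the WSC vendor-specific IE
WPS_OUI_TYPE = 0x04            # vendor-specific type that marks it as WSC
ATTR_VERSION = 0x104A          # WSC attribute IDs (Wi-Fi Simple Configuration spec)
ATTR_WPS_STATE = 0x1044        # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057  # 1 = AP reports it has locked PIN setup

def iter_information_elements(body):
    """Yield (element_id, payload) from a beacon's tagged parameters."""
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        payload = body[i + 2:i + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated information element")
        yield eid, payload
        i += 2 + length

def parse_wsc_attributes(data):
    """Parse WSC TLVs: 2-byte big-endian type, 2-byte length, value."""
    attrs, i = {}, 0
    while i + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, i)
        value = data[i + 4:i + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated WSC attribute")
        attrs[atype] = value
        i += 4 + alen
    return attrs

def audit_wps(beacon_ies):
    """Report whether the AP advertises WPS, and what state it claims."""
    result = {"wps_advertised": False, "configured": None, "setup_locked": None}
    for eid, payload in iter_information_elements(beacon_ies):
        if eid == 0xDD and payload[:4] == WPS_OUI + bytes([WPS_OUI_TYPE]):
            result["wps_advertised"] = True
            attrs = parse_wsc_attributes(payload[4:])
            if ATTR_WPS_STATE in attrs:
                result["configured"] = attrs[ATTR_WPS_STATE][0] == 2
            result["setup_locked"] = (attrs.get(ATTR_AP_SETUP_LOCKED) or b"\x00")[0] == 1
    return result

# Constructed sample tagged parameters (not a real capture): SSID element,
# supported-rates element, then a WSC IE saying WPS is configured and unlocked.
SAMPLE_WPS_ON = (
    bytes([0x00, 6]) + b"MyWifi"
    + bytes([0x01, 4]) + b"\x82\x84\x8b\x96"
    + bytes([0xDD, 19]) + WPS_OUI + bytes([WPS_OUI_TYPE])
    + struct.pack(">HHB", ATTR_VERSION, 1, 0x10)
    + struct.pack(">HHB", ATTR_WPS_STATE, 1, 0x02)
    + struct.pack(">HHB", ATTR_AP_SETUP_LOCKED, 1, 0x00)
)
# Same AP with WPS disabled in the router: no WSC IE is advertised at all.
SAMPLE_WPS_OFF = bytes([0x00, 6]) + b"MyWifi" + bytes([0x01, 4]) + b"\x82\x84\x8b\x96"
```

Feed it the tagged-parameter bytes of a beacon from your own AP (for example extracted from a packet capture); if wps_advertised comes back true, disable WPS in the router settings as the OP recommends and re-check.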




posted on Dec, 29 2011 @ 08:33 PM
reply to post by brill
 


Brill,

I really appreciate you bringing this to our attention. But it leaves me wondering about the 10 hour thing. In order for a person to dedicate 10 hours to brute forcing someone's WPA they would have to be really interested in whatever they wanted in that person's network. I understand that whatever is on the machine might be irrelevant to the break-in and that the point might be to own the box for other purposes, but 10 hours?

Not only that but if someone really wanted to own your machine, I mean like dedicated professionals, it's not going to take them 10 hours and that machine's butt was already owned when the machine was first powered up.

All I mean to say is that things are really wonky and wild-west-like with all this stuff right now. Information security is not the concern at all of the daily consumer electronics user. I don't know about you, but I can actually count the relatives who have been had at ATMs and that sort of thing on all the fingers of one hand, including the thumb. Some of them have been hit up to 3 times in the last 2 years! Yes, some of them are old.

The deal is that as long as this keeps up people are going to get interested in how they can prevent it themselves and they will do something about it. They will actually learn to use their computers for what they were meant to be used for and will set down the porn. When this happens the true Golden Age of Unix will begin.

But it is not going to be easy. We will have to fight for every inch.

Here is a project started year before last that will give you an idea of where this could go. I believe it will.

freedomboxfoundation.org...

edit on 29-12-2011 by Frater210 because:




posted on Dec, 29 2011 @ 08:36 PM
reply to post by brill
 


It doesn't take ten hours to hack your wifi, no matter what security you have, if somebody wants in. Hell, you can find the info on Google if you really want to. Sony can get whatever they want off your PC and the courts say it's fine to begin with. Don't keep anything on your PC you don't want somebody to see if you're so worried. Buy yourself a stand-alone drive and plop it there, or any other number of media you could store it on.



posted on Dec, 29 2011 @ 08:41 PM

Originally posted by Frater210
reply to post by brill
 


Brill,

I really appreciate you bringing this to our attention. But it leaves me wondering about the 10 hour thing. In order for a person to dedicate 10 hours to brute forcing someone's WPA they would have to be really interested in whatever they wanted in that person's network. I understand that whatever is on the machine might be irrelevant to the break-in and that the point might be to own the box for other purposes, but 10 hours?


As you've indicated, it's not about getting to your data but owning you. Identity theft is rampant and this merely presents another node to use for whatever reasons the perpetrator sees fit. Because this particular method is relatively new, the time factor will drop with more effective code. This has the potential to be where WEP was several years back.

brill



posted on Dec, 29 2011 @ 08:43 PM
10 hours? I did it in 15 mins using BackTrack to hack mine. And let's face it, Wi-Fi is not really secure at all.
And to think of all the people I see in coffee shops with their laptops open, typing away without thinking about the security, or lack thereof. Hacking a "hot spot" is easier than hacking the laptops using it. Think about that next time you're out and about. Be smart, be safe.
edit on 12/29/2011 by GunzCoty because:




posted on Dec, 29 2011 @ 08:45 PM

Originally posted by HoldTheBeans
reply to post by brill
 


It doesn't take ten hours to hack your wifi, no matter what security you have, if somebody wants in. Hell, you can find the info on Google if you really want to. Sony can get whatever they want off your PC and the courts say it's fine to begin with. Don't keep anything on your PC you don't want somebody to see if you're so worried. Buy yourself a stand-alone drive and plop it there, or any other number of media you could store it on.


You have completely missed the point. People are slowly moving from WEP to WPA/WPA2 and ending it there. WPS was designed to alleviate some of the frustration associated with setting up WPA/WPA2. Think of this as a Maginot Line. I'm not going to go into the other items you've commented on because it's redundant. This is a specific issue.

brill

edit on 29-12-2011 by brill because: (no reason given)



posted on Dec, 29 2011 @ 08:46 PM

Originally posted by Frater210

I really appreciate you bringing this to our attention. But it leaves me wondering about the 10 hour thing. In order for a person to dedicate 10 hours to brute forcing someone's WPA they would have to be really interested in whatever they wanted in that person's network. I understand that whatever is on the machine might be irrelevant to the break-in and that the point might be to own the box for other purposes, but 10 hours?



Brute forcing does not necessarily require someone to sit at the computer individually attempting access over and over. I know in the past there were programs and keyword databases that could be set up to automatically run until access was gained. I assume much has not changed that way over time.



posted on Dec, 29 2011 @ 08:46 PM
reply to post by brill
 


Oh, I see what you mean there.
line #2



posted on Dec, 29 2011 @ 08:47 PM

Originally posted by GunzCoty
10 hours? I did it in 15 mins using BackTrack to hack mine. And let's face it, Wi-Fi is not really secure at all.
And to think of all the people I see in coffee shops with their laptops open, typing away without thinking about the security, or lack thereof. Hacking a "hot spot" is easier than hacking the laptops using it. Think about that next time you're out and about. Be smart, be safe.
edit on 12/29/2011 by GunzCoty because:



I highly doubt it. You are most likely confusing this with WEP. This is about WPS not WEP. Please read the OP completely. WPA/WPA2 are generally secure (there are some rumblings here of course) but this attack completely skirts those measures.

brill



posted on Dec, 29 2011 @ 08:48 PM
It can take a lot more or less than 10 hours depending on several variables. Linux BackTrack is a pretty handy platform for testing. But 2 big factors would be the complexity of the passphrase and what's under the hood of the offensive machine. Porting to CUDA can speed up the time greatly, but it can still take days if there is a very complex phrase, and there have to be clients attached to begin with. I tell all my customers security is an illusion; it doesn't matter if it's a machine/network, a house or a country. The best we can do is make it as hard as possible. Case in point: longest passphrase possible, mixed with upper and lowercase letters, numbers and symbols. Turn off your "broadcast SSID" and then name it something like "dial up", deploy your MAC filter, lower the strength of your radio to only what you need to get to the furthest point you use it. And if possible mount it on the floor of your basement so what signal is being output is shielded by the earth and goes up instead of out in all directions. Also have machines shut down when not in use and change the passphrase frequently. Also you can see if your devices are 802.1x compliant and deploy that.
edit on 29-12-2011 by ludshed because: (no reason given)



posted on Dec, 29 2011 @ 08:49 PM

Originally posted by GunzCoty
reply to post by brill
 


Oh, I see what you mean there.
line #2





brill



posted on Dec, 29 2011 @ 08:50 PM
Thanks for posting... have been wondering more about the security of it. I've had an attempted breach of it before. Luckily, now I am back off of it.



posted on Dec, 29 2011 @ 08:53 PM

Originally posted by ludshed
It can take a lot more or less than 10 hours depending on several variables. Linux BackTrack is a pretty handy platform for testing. But 2 big factors would be the complexity of the passphrase and what's under the hood of the offensive machine. Porting to CUDA can speed up the time greatly, but it can still take days if there is a very complex phrase, and there have to be clients attached to begin with. I tell all my customers security is an illusion; it doesn't matter if it's a machine/network, a house or a country. The best we can do is make it as hard as possible. Case in point: longest passphrase possible, mixed with upper and lowercase letters, numbers and symbols. Turn off your "broadcast SSID" and then name it something like "dial up", deploy your MAC filter, lower the strength of your radio to only what you need to get to the furthest point you use it. And if possible mount it on the floor of your basement so what signal is being output is shielded by the earth and goes up instead of out in all directions. Also have machines shut down when not in use and change the passphrase frequently. Also you can see if your devices are 802.1x compliant and deploy that.


This is not a passphrase, as far as traditional passphrases are concerned; this is a random 8-digit PIN (numbers only). Turning off broadcasting SSIDs does nothing to a good attacker. Same with MAC filters... useless. I agree with signal propagation though; in fact I turn mine down as much as possible in an attempt to not have the signal bleed too much out.

brill



posted on Dec, 29 2011 @ 08:55 PM
This is why I have DD-WRT on my router, 100x better than the factory junk FW that came with my router, and very effective in keeping unwanted people out of my network. If you are using wireless and then choose to use WPS, then you deserve to get hacked.



posted on Dec, 29 2011 @ 09:00 PM
reply to post by brill
 



As you've indicated, it's not about getting to your data but owning you. Identity theft is rampant and this merely presents another node to use for whatever reasons the perpetrator sees fit. Because this particular method is relatively new, the time factor will drop with more effective code. This has the potential to be where WEP was several years back.

brill


Basically this is useless for identity theft... I could understand some kids trying to build a botnet, even some freak using them as drop sites for kiddie pr0n... But this is useless for identity theft... Why waste 10 hours to crack a WPA and then maybe a couple of days of sniffing data hoping to get something valuable when you can do this over the phone in 10 minutes using call-center sound effects and an unplugged keyboard, which is something any Joe Schmo one brick short of a load can do...

This is a proof of concept and will take at least 1-2 years before they can tweak it to make it as effective as the current WEP cracking tools... WEP is easy to crack because it's fundamentally flawed... and you can estimate the key values by matching weak packets ("IVs"); if you're familiar with the aircrack toolset you'll know what I'm talking about.

By the time WPA becomes obsolete, 20 more new encryption schemes will be out, then the story will start over again.

But you'll always have idiots that won't keep up with the technology and that will pay for it... I work for a major ISP; nowadays people are so lazy I can't even wrap my head around it... you wouldn't imagine how many people call in frustrated like hell and scream because they have to "restart their ADSL modem once every 4-5 days" so it refreshes the connection, clears the line and allows it to resync at a better speed, making the connection faster.

It's too much of a burden for at least 5-10 different people a week that I normally get who are screaming at me because of, and I quote, the "inconvenience and aggravation" that pressing a button twice once per week constitutes...

Computers aren't flawed we are...

PS: I didn't mean to be harsh on you buddy, I wanted to point out the fact that although it constitutes a security threat, its impact won't be felt for a while and new schemes will arise to keep up with the threat, so we should be fine.
+ I think I needed to vent LOL....


edit on 29-12-2011 by _R4t_ because: (no reason given)



posted on Dec, 29 2011 @ 09:01 PM
reply to post by Pixiefyre
 


No, I know, you are totally correct, push button and return later. I know. The OP is totally correct as well. There should be a post about this every day. What the hell are we going to do about this? Can't someone create some kind of "kaleidoscopic key generator" or something? I know we will solve it, but considering that all the security options offered by the routers sent to most folks by their ISPs are now moot, what is the next best go to?

I was thinking it would be a Freedombox-type setup (linked in my post above) which seems to function as a secure proxy through which all household traffic is filtered. What do you think? Have I got that straight?




posted on Dec, 29 2011 @ 09:03 PM
I would be more concerned with people using your internet for illegal purposes; you could park in a development with a utility van and farm access to large groups of secured internet...

Say for a denial of service attack on someone, then whoops, your IP was used in a terrorist attack...



Just saying.

OR

How about loading up someone's computer with illegal documents? Depending on how your network sharing is set up you could put anything on that computer and make it look like the computer in the house was the origin of the information on its drives...

Could be useful to frame people and/or get revenge, just trying to think outside the box with what this info could be used for.
edit on 29-12-2011 by benrl because: (no reason given)



posted on Dec, 29 2011 @ 09:05 PM

Originally posted by Frater210
reply to post by Pixiefyre
 


No, I know, you are totally correct, push button and return later. I know. The OP is totally correct as well. There should be a post about this every day. What the hell are we going to do about this? Can't someone create some kind of "kaleidoscopic key generator" or something? I know we will solve it, but considering that all the security options offered by the routers sent to most folks by their ISPs are now moot, what is the next best go to?

I was thinking it would be a Freedombox-type setup (linked in my post above) which seems to function as a secure proxy through which all household traffic is filtered. What do you think? Have I got that straight?



All current cracking attacks are based on the assumption the key isn't changing, as it requires a certain amount of data because you can start applying different methods of attack in order to make the key come to light... New routers have multiple different keys and hop from one to another. This makes most attacks obsolete unless they are side-channel attacks or others that don't try to apply mathematical concepts to a set amount of data in order to try to predict the key values.



posted on Dec, 29 2011 @ 09:09 PM

Originally posted by benrl
I would be more concerned with people using your internet for illegal purposes; you could park in a development with a utility van and farm access to large groups of secured internet...

Say for a denial of service attack on someone, then whoops, your IP was used in a terrorist attack...



Just saying.

OR

How about loading up someone's computer with illegal documents? Depending on how your network sharing is set up you could put anything on that computer and make it look like the computer in the house was the origin of the information on its drives...

Could be useful to frame people and/or get revenge, just trying to think outside the box with what this info could be used for.
edit on 29-12-2011 by benrl because: (no reason given)


Not trying to scare you or anything my friend
However, you can disregard how your sharing permissions are set... just gotta use the proper exploit and it'll pretty much drill a hole through your permissions, and even if you're logged in as a low-access user, once you're in you can always escalate to admin accounts through various other means, effectively making the sharing permissions obsolete.



posted on Dec, 29 2011 @ 09:12 PM
reply to post by GR1ill3d
 


Dude, thanks, I followed up on that router. I see that the LinkSys unit that was meant to run the Linux based firmware has been changed and now prevents the switch over. I was wondering if you would mind providing the make of the router you are using so I can set myself up. Please U2U me if you wish, I really want to set this up.

Thanks in advance.



