If Netgear has implemented it properly, WPS Push-button-connect should be secure. However, I have no idea whether Netgear has implemented it properly, and if they haven't, you might be insecure.

The known attack on WPS is described in this paper:

- Brute forcing Wi-Fi Protected Setup, Stefan Viehböck, 2011.
- How The WPS Bug Came To Be, And How Ugly It Actually Is, Dan Kaminsky, 2012.

The attack described there breaks the PIN-based forms of WPS. It is not effective against a properly implemented version of WPS Push-button-connect (PBC), because a remote attacker cannot physically push the button on your router, and WPS PBC requires someone to press the button before it can proceed.

Therefore, if Netgear has implemented WPS PBC correctly, and has properly disabled all the other forms of WPS, you should hopefully be safe (fingers crossed). (Do make sure you are running the latest version of the Netgear firmware. The WPS attacks were only discovered less than a year ago, so versions of the firmware written before the attack was discovered are very likely to be vulnerable.)

That said, router vendors have screwed this stuff up before. The bad track record, and the fact that it is not easy for an average user to tell whether they've finally gotten it right this time, does give some room for concern. I think it would be understandable if this makes some security folks throw up their arms in disgust and say "oh, to heck with it, just turn off WPS, I don't trust the router vendors to get this right". So, how much do you trust Netgear to not screw this up?

Push-button setup is safer, but there are still at least a few theoretical attack scenarios. Off the top of my head I can come up with:

- A patient attacker could conceivably wait for the setup process to occur and potentially disrupt communication from the client attempting to authenticate, then initiate an authentication attempt from a malicious client before the WPS button is pressed. The user may believe the process simply failed, attempt again, and, by their success on the second attempt, assume nothing is wrong. This is especially viable when/if the attacker observes a new device being brought into the home or office, since they can assume you will need to connect that device.
- A less patient attacker could disrupt communication with an already authenticated device in the hope the end user will attempt to fix the problem by performing the setup process again, and then try to authenticate instead of the authorized device as above. This is particularly likely if the authenticated device is a printer or other similar hardware on which passphrase authentication is more difficult.

I wasn't able to easily find information on what if any mitigations are employed by vendors, but since the hardware button typically doesn't offer a sufficiently clear indication of which device was authenticated or of whether a device successfully authenticated, it's at least a plausible scenario.

These sorts of attacks might be difficult/impractical, but any unnecessary attack surface is a risk, so, it's preferable to not use WPS at all.

Disable it entirely, even in the push-button form, unless you have a device where you are forced to use it by not having the ability to enter a passphrase. If you have such devices, make it a priority to replace them, and try to avoid them in the future.
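For anyone who has to keep push-button WPS enabled, the access point's own event log can show whether a button press enrolled the device that was intended. The following is an added example, not part of the original post: it assumes an access point that exposes hostapd-style WPS events, and the log layout, `RETRY_WINDOW` and the function names are hypothetical.

```python
import re

# Constructed sample in a simplified "<epoch> <event> [mac]" layout. Event names
# follow hostapd's control-interface events; the layout itself is an assumption.
SAMPLE_LOG = """\
1000 WPS-PBC-ACTIVE
1004 WPS-REG-SUCCESS 02:aa:bb:cc:dd:01
1005 WPS-PBC-DISABLE
1060 WPS-PBC-ACTIVE
1066 WPS-REG-SUCCESS 02:11:22:33:44:55
1067 WPS-PBC-DISABLE
5000 WPS-PBC-ACTIVE
5003 WPS-OVERLAP-DETECTED
5004 WPS-PBC-DISABLE
"""
RETRY_WINDOW = 300  # seconds; hypothetical threshold for "pressed the button again"
LINE = re.compile(r"^(\d+) (WPS-[A-Z-]+)(?: ([0-9a-f:]{17}))?")

def pbc_sessions(log):
    """Group events into push-button sessions: start time, enrolled MACs, overlap."""
    sessions, cur = [], None
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, event, mac = int(m.group(1)), m.group(2), m.group(3)
        if event == "WPS-PBC-ACTIVE":            # button pressed, window opens
            cur = {"start": ts, "macs": [], "overlap": False}
            sessions.append(cur)
        elif cur is not None and event == "WPS-REG-SUCCESS" and mac:
            cur["macs"].append(mac)              # a device was enrolled
        elif cur is not None and event == "WPS-OVERLAP-DETECTED":
            cur["overlap"] = True                # two enrollees competed
        elif event in ("WPS-PBC-DISABLE", "WPS-TIMEOUT"):
            cur = None                           # window closed
    return sessions

def findings(log, expected):
    """Flag unexpected enrollments, overlaps, and a quick retry that added a device."""
    out, prev = [], None
    for s in pbc_sessions(log):
        out += [(s["start"], "unexpected-device", m)
                for m in s["macs"] if m not in expected]
        if s["overlap"]:
            out.append((s["start"], "overlap", None))
        quick_retry = prev is not None and s["start"] - prev["start"] <= RETRY_WINDOW
        if quick_retry and prev["macs"] and set(s["macs"]) - set(prev["macs"]):
            out.append((s["start"], "retry-enrolled-second-device", None))
        prev = s
    return out
```

A MAC address is only a weak identifier, so a finding here is a prompt to check the router's client list and rotate the passphrase, not proof either way.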