2

I have heard a rumor that the WPS brute force attack doesn't work on newer devices. Is that true?

Smit Johnth
  • 1,709
  • 4
  • 17
  • 23
  • 1
    The [Wikipedia article on WPS](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Security) doesn't mention this. Can you link to a reliable source making this claim? – Brendan Long Mar 27 '13 at 15:42
  • What the heck? Who downwotes and why? No, I doesn't have a source, but people who hack WPS tell that newer devices are unhackable, that's why I ask. – Smit Johnth Mar 27 '13 at 16:00
  • 2
    My guess is the downvotes are because there does not seem to be any support that such a rumor exists, however the question is still valid and the answer appears to be "no, there is nothing making it so that it is no longer broken." It's still a perfectly valid question though. I gave it a +1. – AJ Henderson Mar 27 '13 at 17:57

2 Answers2

11

The three major problems with WPS are: (1) it requires only an 8 digit pin (10^8 is a small keyspace), (2) one digit of that pin is a checksum (hence 7 independent digits and 10^7 pins to check), and (3) the first group of four digits is checked independently - that is you need to only check at most 10^4 ~ 10000 pins to break the first group of four digits; and then 1000 to check the second group (since you know one digit due to the checksum). And really the expected number of attempts is half that; so on average only ~5500 attempts are needed.

WPS slightly mitigates this by mandating that you are locked out for 60 seconds after three consecutive bad attempts. Originally, not all WPS routers enforced this timeout (very bad even without vulnerabilities 2 and 3; checking at a rate of 10 per second; means you can break your neighbor's router in a few months). Some manufacturers will increase this timeout on subsequent failures, which is good. Note the three attempts = 60s timeout is not a panacea; e.g., will take 3.82 days on average (and at most 7.64 days) to crack into your neighbors WPS enabled router. Granted exponential timeouts could mitigate brute forcing; however how these timeouts are implemented is important. (E.g., if the attacker changes their wifi mac address on each attempt will they continue to be blocked out? Otherwise can you use this to DoS WPS connections?).

Now to answer your question: CERT (last updated May 2012) is "currently unaware of a practical solution to this problem" and recommends disabling WPS.

Also while there are rumors of a new WPS 2.0 standard eventually coming out, especially in the responses to this vulnerability. Hopefully, this fix would not let an attacker know if they've found a portion of the key and hopefully would require all digits to be independent instead of having a worthless checksum. However, the wifi alliance page on WPS doesn't mention this at all (e.g., the last press-release on WPS is from Feb 2008) unless its in one of the standards that cost $100-$200 to purchase. Standards tend to change slowly as it requires both the software and hardware end of the client and router to be fully compatible (and backward-compatible).

Granted, I'd expect nowadays more WPS enabled routers to implement the 60s + exponential timeout, but still would never recommend for anyone to use WPS.

dr jimbob
  • 38,768
  • 8
  • 92
  • 161
  • Thank for describing of WPS vulnerability.. oh wait, I already knew it! For some reasons, WPS bruteforce with reaver doesn't work for that people. Wonder why. – Smit Johnth Mar 27 '13 at 19:37
  • 6
    @SmitJohnth - Never claimed you didn't understand it, but this is a forum for people who may not be familiar with WPS (Wifi Protected Setup) so some context is helpful. The reason some tool (e.g., reaver) isn't working on newer routers is likely not a new protocol that brute-forcing the entire 10^7/10^8 (e.g., CERT isn't aware of it; wifi alliance hasn't announced new WPS protocol), but instead exponential/permanent timeouts after too many bad attempts preventing WPS brute-forcing. – dr jimbob Mar 27 '13 at 21:04
  • That's still not an answer to a question whether practical attacks on WPS are working today. – Smit Johnth Dec 02 '16 at 19:12
  • Practical attacks exist on WPS. There is no new WPS protocol. **DO NOT USE WPS**. Since this post more WPS attacks have been discovered that vastly speed up the time to break many popular WPS implementations of routers from 2014 and earlier (see [WPS pixie dust attack](http://ifconfig.dk/pixiedust/)). My guess is some routers may be better at detecting at stopping obvious brute force attempts (e.g., ban a MAC address after 100 bad guesses, but say spoofing your MAC can get around this). Don't trust un-sourced rumors to avoid active security advisories. – dr jimbob Dec 03 '16 at 07:11
  • This question is not about "should I use WPS" but about why can't people crack almost no router with WPS. – Smit Johnth Dec 04 '16 at 04:47
  • @SmitJohnth - The question "Has the WPS brute force cracking issue been fixed" is NO. Attackers that know what they are doing can crack modern routers with WPS enabled. It may not be as easy as it originally was via better adoption of timeouts, but with patience (and MAC spoofing) you can break the protocol. WPS is still a broken protocol. – dr jimbob Dec 06 '16 at 03:04
  • And I tell you this happens for me rather seldom. And FYI mac spoofing doesn't work. – Smit Johnth Dec 08 '16 at 23:41
0

Well, the answer of dr jimbob is not an answer at all. But now I know why. Most of routers visible are delivered by ISP and seems WPS with pin is kicked from the firmware. Non-ISP routers usually have WPS lockouts. So yes, WPS hacking is mostly dead at my location. TR069 works.

Smit Johnth
  • 1,709
  • 4
  • 17
  • 23