About: WPS stands for Wi-Fi Protected Setup. It is a wireless networking standard that tries to make connecting your wireless devices to a router faster and easier. It only works on wireless networks that use WPA/WPA2 security. It is supposed to make it easier to connect devices without a keyboard, like a TV, to your home network. Most routers come with WPS enabled; you push the WPS button on the router and then connect your device. I personally had never heard of WPS before doing this research and have never used it in my personal life.
WPS works by having the router generate an eight-digit PIN that you enter on your device to connect. WPS can easily be cracked because, rather than checking the entire eight-digit PIN at once, the router checks the first four digits separately from the last four digits. This makes WPS PINs very easy to brute force. There are only 11,000 possible four-digit codes, and once the brute-force software gets the first four digits right, the attacker can move on to the remaining digits. Many modern routers try to prevent this by locking out WPS for a while after a number of incorrect PIN attempts, but this is still not the norm.
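The arithmetic behind the paragraph above, as an added example that is not part of the original post: the eighth digit of a WPS PIN is a checksum fixed by the first seven (the weighting below is the one in the Wi-Fi Simple Configuration specification), so a one-shot verifier leaves 10,000,000 valid PINs to search, while split verification reduces the worst case to 10,000 guesses for the first half plus 1,000 for the second half, which is the 11,000 figure quoted above. The lockout model at the end is a constructed illustration of why rate limiting failed attempts matters; the parameter values are assumptions, not measurements of any particular router.

```python
# Added example, not code from the original post.
# Weights applied to the first seven PIN digits per the WSC specification.
WEIGHTS = (3, 1, 3, 1, 3, 1, 3)


def wps_checksum(first_seven: str) -> int:
    """Return the eighth (checksum) digit for a seven-digit WPS PIN prefix."""
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly seven decimal digits")
    total = sum(w * int(d) for w, d in zip(WEIGHTS, first_seven))
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an eight-digit PIN string carries the correct checksum digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(pin[:7]) == int(pin[7])


def worst_case_guesses(split_verification: bool) -> int:
    """Maximum number of PIN attempts needed to exhaust the search space.

    One-shot verification: every PIN with a valid checksum must be tried,
    and the checksum pins the last digit, so 10**7 candidates remain.
    Split verification: the first half (10**4 candidates) is confirmed on
    its own, then the second half has 3 free digits plus the checksum
    (10**3 candidates). The two searches add instead of multiplying.
    """
    if split_verification:
        return 10**4 + 10**3
    return 10**7


def seconds_to_exhaust(attempts: int, failures_before_lockout: int,
                       lockout_seconds: int, seconds_per_attempt: float) -> float:
    """Constructed lockout model: after every `failures_before_lockout`
    failed attempts WPS is unavailable for `lockout_seconds`. Returns the
    time needed to submit `attempts` guesses under that policy."""
    if failures_before_lockout <= 0:
        raise ValueError("lockout threshold must be positive")
    lockouts = (attempts - 1) // failures_before_lockout
    return attempts * seconds_per_attempt + lockouts * lockout_seconds


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    print("one-shot worst case:", worst_case_guesses(False))
    print("split worst case:   ", worst_case_guesses(True))
    # Assumed values: 3 failures, then a 60 s lockout; 1 s per attempt.
    hours = seconds_to_exhaust(worst_case_guesses(True), 3, 60, 1.0) / 3600
    print(f"split search with assumed lockout policy: {hours:.1f} hours")
```

The lockout function shows the trade-off a router vendor faces: the split-verification flaw cannot be fixed by rate limiting alone, because 11,000 attempts remain a small number, but a lockout after a few failures stretches the search from hours into days and makes the repeated failures visible in the router log.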
Many routers come with WPS enabled, but it can be disabled. You can follow my tutorial on how to disable WPS on my Netgear router here. The best router to purchase if you want to stay safe from this kind of attack is one that doesn't offer WPS at all.
Objective: To demonstrate how insecure it is to have WPS enabled on your router.
Material: You will need the following:
Instructions: I am using PwnPi on my Raspberry Pi, but this can also be performed using Raspbian. Let's start by installing the software and tools we will be using. I will assume you have the aircrack-ng suite already installed and know how to use your WiFi USB adapter.