Hackers Use Reaver to Execute WPS Attacks on Wi-Fi Networks
Wi-Fi Protected Setup (WPS) is a wireless standard that enables simple connectivity to “secure” wireless APs. The problem with WPS is that its implementation of registrar PINs make it easy to connect to wireless and can facilitate attacks on the very WPA/WPA2 pre-shared keys used to lock down the overall system.
WPS is intended for consumer use in home wireless networks. If your wireless environment is like most others, it probably contains consumer-grade wireless APs (routers) that are vulnerable to this attack.
The WPS attack is relatively straightforward using an open source tool called Reaver. Reaver works by executing a brute-force attack against the WPS PIN. You can use the commercial version, Reaver Pro, which comes with a bootable USB thumb drive and wireless adapter to streamline the process. Reaver’s interface is pretty straightforward.
Running Reaver is easy. You simply follow these steps:
Load Reaver and click the Play button in the middle of the window.
Click the Play button in the attack column next to the AP you want to crack.
Let Reaver run and do its thing.
It can take anywhere from a few minutes to a few hours, but if successful, Reaver will return the WPA pre-shared key. You can pause and resume the cracking at any time.
There are mixed results with Reaver depending on the computer you’re running it on and the wireless AP that you’re testing. It’s still a worthy attack you should pursue if you’re looking to find and fix the wireless flaws that matter.
It’s rare to come across a security fix as straightforward as this one: Disable WPS. If you need to leave WPS enabled, at least set up MAC address controls on your AP(s). It’s not foolproof, but it’s better than nothing!