WPA Cracking Using WPS

There was a new tool posted yesterday over on /dev/ttyS0, Reaver, that takes advantage of the WPS specification, exploiting an inherent weakness in it to retrieve an access point's WPA/WPA2 shared key in a matter of hours.

The tool is very simple to use, taking just a BSSID as a parameter and attempting to brute-force the WPS PIN on an access point. However, there are reports (including one from myself) of issues getting the tool to work with certain drivers, but hopefully these will be fixed soon.

This is a very exciting attack, as WPS is enabled by default on many APs, including many that do not automatically update firmware, meaning that this attack will be around for a while.

For this tool, and information on how the exploit is performed, visit the /dev/ttyS0 blog here, as well as the original author of the vulnerability, .braindump, here.

As for how to protect yourself against this attack... just disable WPS 🙂