Thursday, November 1, 2012

How to crack WPA/WPA2 wireless routers

It's long been known that wireless routers using WEP might as well be wide open: that form of "security" can be cracked in seconds or minutes. That's why anyone with half a brain has their wireless router set to WPA/WPA2. So imagine my surprise when I read an article recently detailing the steps to crack WPA/WPA2 in under 10 hours. What's more, it doesn't matter how long your wireless password is or whether you're using TKIP or AES. The attack exploits a security flaw to gain access to the network. Here's how to do it.

First, you need to download BackTrack Linux version 5 R2 or later (version 5 R3 is the latest as of this writing). Download the ISO and burn it to a DVD, or, if you prefer, follow their guide to create a bootable USB drive.

Next, boot your laptop from the DVD (or USB drive). Because it is a live CD, you don't have to install BackTrack Linux; it runs entirely from memory.

Once Linux has loaded, run the command "iwconfig" to list the wireless adapters in your computer. On most computers the wireless adapter will be "wlan0."

Next, run "airmon-ng start wlan0" to place your wireless card into monitor mode. When it succeeds, it prints the name of your monitor interface, which is typically "mon0."

Now we need the BSSID of the router you wish to attack. Type "airodump-ng wlan0" to list available wireless networks (if this command fails, use "airodump-ng mon0" instead). The first column is the BSSID. Once you see your router, press Ctrl+C to stop the refreshing and write down the BSSID.

Now you're ready to attack. Run "reaver -i mon0 -b BSSID -vv", where 'BSSID' is the value for your router, then sit back and let it run. This is a good thing to run overnight, as it can take upwards of 10 hours.


So how does this work, you ask? It takes advantage of a convenience feature called WPS, or "Wi-Fi Protected Setup." WPS lets you add new devices to your network without having to type in the wireless password. But, as is usually the case, convenience and security pull in opposite directions: if you want convenience, you give up security. Personally, I'd rather have a secure network, especially since I've never used WPS. So the way to protect yourself from this attack is to disable WPS on your router. Be warned, though: not all routers with WPS allow you to disable the feature. What's more, some routers that do let you disable WPS are still vulnerable with it disabled (in other words, turning WPS off in the settings doesn't truly turn it off). I was pleased to discover that my new Linksys E3200 wireless router does allow me to disable WPS, and I was not able to hack my own wireless network afterward. Before you check your router's settings, I suggest you visit the manufacturer's website and look for updated firmware.
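Because some routers keep WPS running even after you switch it off in the web interface, the only way to be sure is to look at what the router actually broadcasts: a WPS-enabled access point advertises a WPS information element in every beacon frame. The following Python script is an added example, not code from the original post or from any tool it mentions. It parses the tagged information-element section of a beacon (the bytes after the 12-byte fixed fields: timestamp, beacon interval, capability) and reports whether a WPS element is present, along with the "WPS state" and "AP Setup Locked" attributes. The two beacons below are constructed sample data, not real captures.

```python
"""Verify whether an access point still advertises WPS in its beacons.

Added example (not from the original post). Feed wps_status() the
information-element bytes from a beacon you captured from your own
router; if the WPS element is still present after you disabled WPS in
the router's settings, the setting did not really turn WPS off.
"""
import struct

# Wi-Fi Alliance OUI 00:50:F2 followed by vendor type 4 = WPS element
WPS_OUI_TYPE = bytes.fromhex("0050f204")

# WPS attribute ids from the Wi-Fi Simple Configuration spec (the useful ones)
WPS_ATTRS = {
    0x104A: "version",
    0x1044: "wps_state",          # 1 = not configured, 2 = configured
    0x1057: "ap_setup_locked",    # 1 = AP refuses PIN registration (locked)
    0x1041: "selected_registrar",
    0x1008: "config_methods",
    0x1012: "device_password_id",
}


def iter_ies(data: bytes):
    """Yield (element_id, body) for each id/length/value element in the beacon tail."""
    pos = 0
    while pos + 2 <= len(data):
        eid, length = data[pos], data[pos + 1]
        body = data[pos + 2 : pos + 2 + length]
        if len(body) != length:  # truncated frame: stop instead of misparsing
            break
        yield eid, body
        pos += 2 + length


def parse_wps_attrs(body: bytes) -> dict:
    """Decode the big-endian type/length/value attributes inside a WPS element."""
    attrs = {}
    pos = 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack(">HH", body[pos : pos + 4])
        value = body[pos + 4 : pos + 4 + alen]
        if len(value) != alen:
            break
        name = WPS_ATTRS.get(atype, f"attr_0x{atype:04x}")
        attrs[name] = int.from_bytes(value, "big") if alen <= 2 else value.hex()
        pos += 4 + alen
    return attrs


def wps_status(ie_bytes: bytes) -> dict:
    """Summarise one beacon: SSID, whether WPS is advertised, and its state flags."""
    result = {"ssid": None, "wps_advertised": False, "wps_state": None, "ap_setup_locked": None}
    for eid, body in iter_ies(ie_bytes):
        if eid == 0:  # SSID element
            result["ssid"] = body.decode("utf-8", "replace")
        elif eid == 221 and body.startswith(WPS_OUI_TYPE):  # vendor-specific, WPS
            attrs = parse_wps_attrs(body[len(WPS_OUI_TYPE):])
            result["wps_advertised"] = True
            result["wps_state"] = attrs.get("wps_state")
            result["ap_setup_locked"] = attrs.get("ap_setup_locked")
    return result


# --- constructed sample beacons (not real captures) -------------------------
def _ie(eid: int, body: bytes) -> bytes:
    return bytes([eid, len(body)]) + body


def _wps_attr(atype: int, value: bytes) -> bytes:
    return struct.pack(">HH", atype, len(value)) + value


_RATES = _ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))  # supported rates element

# Router with WPS enabled, configured, and not locked
BEACON_WPS_ON = (
    _ie(0, b"HomeNet")
    + _RATES
    + _ie(221, WPS_OUI_TYPE
          + _wps_attr(0x104A, b"\x10")
          + _wps_attr(0x1044, b"\x02")
          + _wps_attr(0x1057, b"\x00"))
)

# Same router after WPS was genuinely disabled: no WPS element at all
BEACON_WPS_OFF = _ie(0, b"HomeNet") + _RATES

if __name__ == "__main__":
    for label, beacon in (("before", BEACON_WPS_ON), ("after", BEACON_WPS_OFF)):
        print(label, wps_status(beacon))
```

If `wps_advertised` is still true after you have turned WPS off, the router belongs to the "disabling doesn't truly disable" group the post warns about, and a firmware update or a different router is the fix. An `ap_setup_locked` value of 1 means the firmware locks WPS after repeated failed PIN attempts, which limits how long this attack can run against it; a value of 0 on a router that advertises WPS is the case worth fixing first.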

To learn more about this WPA/WPA2 crack, read this LifeHacker article.
