Wifi Protected Setup (WPS)

LAST UPDATED DATE: 12/14/2015
LAST UPDATED BY: Joey M. (@l0stkn0wledge)

Summary

WPS is a feature most often found on home wireless routers; however, due to a large overlap in the home, small office, and small business markets, the feature has crept into some smaller corporate environments where wireless networks are setup using more commodity hardware.

WPS can pose a variety of risks for wireless network security. The PIN-based method can be vunerable to brute force attacks over the air. Other types (e.g. push-button methods) would require physical access to the router.

Capabilities and Risk

This would allow an attacker to gain unauthorized access to a wireless network, thereby allowing for additional access into the network and systems attached to that connection.

Detection

WPS settings can be confirmed by examining the configuration of your wireless router. Button-based WPS methods will have a button located on the router.

Remediation

Disable WPS on wireless access points. If a device cannot disable WPS, default PIN values should be changed. Physical access to the router should be limited and secured to prevent local, physical attacks using WPS.

References

WPS Wikipedia (https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup)
Reaver on Google Code (https://code.google.com/p/reaver-wps/)
Cert Write-up on WPS PIN Vulnerability (http://www.kb.cert.org/vuls/id/723755)

Exploitation

reaver -i [monitor interface number] -b [ESSID] -v

Want to contribute? Check out the readme and contribution page or Get in touch!

Last updated on 5th Jul 2017

Assets

Web

Crypto

Printers

Tomcat

Web

Imgs

Windows