Security experts have discovered that WiFi Protected Setup (WPS) is vulnerable: if an attacker within range brute-forces an access point (AP) using the WPS PIN attack, the attacker may be able to recover the WPA/WPA2 passphrase in 4-10 hours, although this also depends on the AP. They also found that the attack may cause a denial of service on the router.
Just today, news spread that Tactical Network Solutions has released an open source tool that lets you perform the attack on a WPS AP. In this article we will set up the tool, which is named Reaver, a name that reminds me of a Protoss mobile artillery unit in StarCraft (trolololol).
To download the tool, just wget it from this link (update: the new version is 1.3):
Extract the gzip file:
tar zxvf reaver-1.3.tar.gz
Move to the directory for installation:
To get the BSSID of the AP, you can use airodump-ng wlan0, which is also used for capturing raw 802.11 frames. To start the attack, make sure monitor mode is enabled and pass the BSSID to Reaver (reaver -i mon0 -b <bssid>). For example:
reaver -i mon0 -b 78:44:76:0E:09:54
Well, that should be it. The instructions can also be found in this file: reaver-1.1/docs/README. To read it, you can open it in gedit or cat it.
Security experts said that there is no patch for this vulnerability yet.
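With no patch available, an AP owner can at least check whether their own access point still advertises WPS and whether it reports itself as locked. The following is an added example, not part of the original article or of Reaver: it parses the WPS vendor-specific information element (OUI 00:50:F2, type 0x04) from a beacon's tagged parameters. The function names and the sample bytes are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # Microsoft OUI + type 4 identifies WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057

# Constructed sample: tagged parameters of a beacon (SSID "home" + WPS IE).
SAMPLE = bytes.fromhex(
    "0004686f6d65"          # tag 0 (SSID), length 4, "home"
    "dd13" "0050f204"       # tag 221 (vendor specific), length 19, WPS OUI/type
    "104a000110"            # Version = 0x10
    "1044000102"            # WPS State = 2 (configured)
    "1057000101"            # AP Setup Locked = 1
)


def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of the TLV header."""
    size, off = struct.calcsize(hdr), 0
    while off + size <= len(buf):
        t, length = struct.unpack_from(hdr, buf, off)
        off += size
        if off + length > len(buf):   # truncated element: stop instead of guessing
            return
        yield t, buf[off:off + length]
        off += length


def wps_status(tagged_params):
    """Return None if no WPS IE is present, else its key attributes as a dict."""
    for tag, body in iter_tlv(tagged_params, "BB"):      # 802.11 IEs: 1-byte id/len
        if tag != 0xDD or not body.startswith(WPS_OUI_TYPE):
            continue
        attrs = dict(iter_tlv(body[4:], ">HH"))          # WPS attrs: 2-byte type/len
        first = lambda a: (attrs.get(a) or b"\x00")[0]   # missing/empty -> 0
        return {
            "version": first(ATTR_VERSION),
            "configured": first(ATTR_STATE) == 0x02,
            "locked": first(ATTR_LOCKED) == 0x01,
        }
    return None


if __name__ == "__main__":
    print(wps_status(SAMPLE))
```

A result of None after WPS has been switched off in the router's settings confirms that the AP no longer advertises it in its beacons.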