Tool to exploit the new WPS gap published
Tactical Network Solution has released a tool called Reaver on Google Code, which discovered by Stefan Viehboeck gap exploits and displays Wi-Fi passwords of Access Points and wireless NAT routers in plain text, even if WPA or WPA2 encryption used.
In a blog entry to write the company that they knew for about a year of the gap and have thus developed the tool. The C-written program can be downloaded as source code and compiled. It runs on Linux and works with most Wi-Fi adapters. The current version 1.1 but has a problem with USB WLAN sticks based on the Atheros AR9170 chip.
Scope and professionalism of the code shows that Tactical Network Solutions actually know for some time about the vulnerability assessment. It was not programmed to quickly Viehboeck discovery through in a few days.
The fact that the source code is expected to be available shortly for Windows and Mac OS ports, and mobile devices with Android and iOS on the net. Thus, it is accessible to a wide audience. Most affected are the access points that have permanently activated with WPS PIN entry. Already confirmed is the gap for wireless routers and access point manufacturer Belkin, Buffalo, D-Link, Linksys (Cisco), Netgear, Technicolor, D-Link and Zyxel. It has determined that AVM Fritz box with latest firmware are not affected by the problem.
The program is operated under Linux via the command line. It is necessary to input the MAC address of the access points to be cracked. However, it can determine with common tools on Linux. Tactical Network Solutions also offers a commercial version, which is conveniently operated via a web interface. It contains additional optimizations for specific hardware models, which speeds the chopping process.
Originally the company wanted its code is not available to everyone. After Viehboeck but details have published over the gap, we see no reason for restraint, they said.
Owners of affected access points and wireless routers should be aware that their devices can be cracked by anyone without prior technical knowledge and misused for illegal purposes, such as file sharing of copyrighted works.
WPS users should turn off their access points for safety. Particularly at risk are users who use their wireless password for other services such as home banking. Some models cannot disable WPS. For these devices, users should take off from the mains or at least the entire wireless functionality until a firmware update is available to solve the problem.