Security Now 335

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 335

Security Now 335: WiFi Protected (In)Security

News & Errata

  • Recorded Monday instead of Wednesday, Details of Microsoft's patch Tuesday not included in this episode as a result.
  • Microsoft planning to release fixes for 8 vulnerabilities in Windows and some dev tools with 7 security bulletins, one is rated critical.
  • Apple has a patent on a password recovery charger. Charger can authenticate itself in some way to the machine to enable password recovery.
  • About 200,000 URLs have suffered from another SQL injection attack.
  • Steve is cautious of using SSD in devices other than laptops due to the way Metal Oxide Semiconductor technology fatigues when written to.
    • Two alternative Technologies were found, Memristor and Phase-Change Memory
      • Memristor is patented by HP, it is a resistor which changes its resistance as a function of its history. HP plans to have production levels of memory around next year.

Spinrite Story - Carl and Joe

You Saved An Artist's Life / Spinrite Success
Hi, Steve,
I'm an avid listener of Security Now!. So when my younger brother Joe called saying that his hard drive, as he put it, had carked it, I knew exactly where to send him. He graduated last year and has been really motivated to get stuck into his artwork to kick off his career. His dead drive had potentially lost him years of work in progress which would be his ticket to getting his career underway. But now all that was threatened. He purchased, downloaded, and ran SpinRite, but he had trouble getting it to his computer, which wouldn't boot from a USB and didn't have a floppy drive. And the computer he downloaded it to also didn't have a CD burner. So he borrowed a USB from a friend, copied SpinRite to it, took it to his friend's place to burn a boot CD. I actually wasn't surprised when he told me it worked. He's now backing up all his precious artwork to DVD and getting on with his new career. Thank you for saving an artist's life work. Thank you for all your work on this wonderful product and for actually promoting it on your podcast.
Cheers, Carl and Joe.

Topic - Wifi Protected (In)Security

  • The Simple Security Setup protocol that all wifi-certified devices must support can allow a person to get the networks credentials in a few hours.
  • Also to receive wifi certification the protocol must be enabled by default.
  • A couple weeks ago a security researcher by the name of Stefan Viehbock released what he thought was his discovery of a new way to brute-force an aspect of all of our WiFi networks that had not been done before.
  • It had been done before, for more than a year, but never publicized, by a company called Tactical Network Solutions
  • Tactical Network Solutions immediately released a tool called Reaver that attacks WPS networks, as well as Walsh which will scan for WPS networks
  • As stated in Section 1.7 - "User Experience" of the Wifi Alliance spec,
    "The most important characteristic of any initial setup solution is the user experience. This section introduces two scenarios to illustrate the WiFi Simple Configuration user experience. Sections 5, 6, 10, and 11 contain a more detailed specification of these and other scenarios. In-band setup steps: One, user turns on the access point. Two, software on the cell phone automatically detects the access point and asks the user if he wants to configure the access point. Three, the phone prompts the user for the access point's PIN, found on a label attached to the device. The user keys in the PIN, accepts the default settings and clicks okay a few times, and receives confirmation that the access point has been successfully configured on their device. Now, the user brings home a wireless printer and turns it on. The phone detects the new wireless device and prompts the user to add it to the network. The user reads the printer's PIN number from its display and enters it into the cell phone. Both the cell phone and printer provide visual confirmation when the printer joins the network."
    "Context 2: The user has a portable game console that he wants to connect to the existing wireless LAN for online gaming. This user prioritizes convenience over security. So he decides to use the pushbutton configuration method for setting up the portable game console. Setup steps: One, user presses the PBC button on the game console. User presses the PBC button on the access point. The game console and access point display the progress of the PBC method on their respective user interfaces. Upon completion of the protocol, both indicate connection success."
  • Four different modes for using WPS, a press this button mode on both devices which enables a pairing mode for 120 seconds, it will then create a link with the device it finds or if multiple devices are found it will not proceed. Also in the specification, all devices must support a numeric PIN for initial setup which is assigned randomly per device which is usually on a sticker. The PIN is 8 digits and the last is a checksum which is first verified locally before even attempting to use the given PIN.
    • "Headless devices: Headless devices (those without a display) are required by WiFi Simple Configuration to include an eight-digit device password called a PIN. A PIN on a headless device is typically printed on a sticker or otherwise physically inscribed on the device. The PIN value of a headless device must also be configured into the device itself. This would typically be done during the manufacturing process. PIN-based device passwords are the basic security level for WiFi Simple Configuration. Since one of the digits in the eight-digit PIN is used as a checksum, the PIN contains approximately 23 bits of entropy. This in itself is not the biggest limitation, however. The biggest limitation is that this PIN may be a fixed value when it is on a label. Because a fixed PIN value is very likely to be reused, it is susceptible to active attack. The protocol permits the user to override the default device password with a new value, which can help security-conscious users reduce this vulnerability."
      "If possible, an access point should generate and display a fresh PIN for establishing external registrars each time the registration protocol is run in the access point setup mode. However, if a static PIN is used, the access point must track multiple failed attempts to authenticate an external registrar and then enter a lockdown state. This state is signaled by setting the attribute access point locked to 'True.' After three failed PIN authentication attempts within 60 seconds, an access point must stay in the lockdown state for 60 seconds."
  • Although in the specification, many devices do not follow this lockdown procedure, however even with this, the attack still only takes on the order of a day.
    • "If an enrollee advertises support for the display configuration method, it is required to generate a fresh four- or eight-digit PIN each time it runs the registration protocol and show this PIN on a display. This has two significant advantages. First, because the password is single-use, it is not susceptible to the brute-force attack described above."
  • If done correctly, it would take a maximum of 6.338 years to try all possible PIN's.
    • "Guidelines and Requirements for PIN Values: The PIN requirements for the two main classes of devices are, A, headless devices, devices without a display, must use an eight-digit PIN, a PIN printed on a label attached to the device. The last digit of this eight-digit PIN is used as the checksum of the first seven digits. Section 7.4.1 specifies how the checksum is generated. Or, B, devices that use a display to show the PIN and can generate a new PIN must use either a four-digit or eight-digit PIN. The last digit of an eight-digit PIN is used as the checksum of the first seven digits as above, A four-digit PIN does not include a checksum digit."
  • The protocol's ability to use a 4 digit pin is the source of this problem. Originally designed around 4 digits and requiring an LCD, then changed to make 4 digits only for dynamic devices and 8 if it does not. To do this they extended the protocol, the handshake exchanges keys and random numbers to establish a session that is not susceptible to a replay attack. However, after this negotiation, instead of sending the 8 digit pin, the first 4 digits are sent and the access point will say if these are correct and then will send the last 4 digits, reducing the security from an 8 digit pin to two 4 digit pins. The original protocol only supported 4 digits so they just repeat the process.
  • So an attacker can now attack the first 4 digits until they succeed, and then using the first 4 they then guess the next 3 (last is checksum).
  • Manufacturers need to fix this so that the devices will not fail the first 4 digits if expecting 8, this would solve the problem.
  • All Cisco routers (and Linksys) cannot disable the protocol, the web interface has a option to disable WPS, however it does not work.
  • D-Link DIR-655 and TP-Link among many others do not implement the lock-down allowing an attacker to guess as fast as possible.
  • On the Linksys WRT-320 during testing, somewhere between two and 150 failed authentication attempts, the router simply died and never came back.
  • The alternative firmwares DDWRT and Tomato both do not support WPS.
  • WPS routers do not necessarily need to have a button, look for a PIN somewhere on the router, or attempt to allow a device to autoconfig with the router.
  • In summary, D-Link and TP-link do not lockdown after failed attempts, Cisco and Linksys do not disable WPS when the setting is changed, and Linksys occasionally dies when attempting to crack the PIN.

Production Information

  • Edited by:
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.