Reaver: a WiFi WPS cracking tool
Moving swiftly on from Stefan Viehböck’s published WPS vulnerability (see Vulnerability in WiFi’s WPS is likely to affect the majority of home users), Tactical Network Solutions has already released a WPS cracking tool called Reaver. Reaver, says the company,
is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly we have decided to announce and release Reaver, our WPS attack tool, to the open source community. Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).
According to TNS, attacking WPS is much faster than attacking WPA directly yet gets you the same results: the WPA passphrase. The disadvantage is that WPS can be disabled. “However,” says Tactical,”in our experience even security experts with otherwise secure configurations neglect to disable WPS; further, some access points don’t provide an option to disable WPS, or don’t actually disable WPS when the owner tells it to.”
Oops.
Kevin Townsend 