[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
From: Derek <derek@xxxxxxxxxxx>
Date: Mon, 13 Feb 2012 09:00:49 +1030

They should at least consider providing an option to disable the static pin 
only or disable it after an hour if the future is activated by the user.

Seems to be something that could be included in a future firmware update.

For a vendor to provide another mechanism for a user to get remotely hacked 
(within wireless TX/RX range) and not address it in a reasonable amount of 
time, exposes the less technical user, who is was intended to help in the first 
place.

It would be interesting to see if this feature went through a technical 
security risk assessment and if so, how the static pin was rationalised for 
public release.

I setup an isolated vulnerable device and had attack traffic within 2 days of 
it being activated. I did make the SSID very attractive, but the war drivers 
are certainly getting out of the house again. 


Thanks
Derek


On 13/02/2012, at 1:47, Rob Fuller <jd.mubix@xxxxxxxxx> wrote:

> I've tested a 6 models of Linksys, all of them appear to disable WPS
> completely as soon as a single wireless setting is set. I assume this
> would be the reason Cisco/Linksys aren't putting much stock in
> 'fixing' it further. If anyone has any experience to contradict this
> or have a modification to current tools to circumvent what I've
> perceived as disabled, I, as I'm sure Craig, would be very interested.
> 
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
> 
> 
> 
> On Sat, Feb 11, 2012 at 4:23 PM,  <farthvader@xxxxxxx> wrote:
>> _________________________________________________________________________
>> "Use Tomato-USB OS on them."
>> _________________________________________________________________________
>> 
>> Besides you void warranty...
>> list of DD-WRT Supported routers:
>> 
>>  E1000        supported
>>  E1000 v2     supported
>>  E1000 v2.1   supported
>>  E1200 v1     ???
>>  E1200 v2     ???
>>  E1500        ???
>>  E1550        ???
>>  E2000        supported
>>  E2100L       supported
>>  E2500        not supported
>>  E3000        supported
>>  E3200        supported
>>  E4200 v1     not supported yet
>>  E4200 v2     not supported
>>  M10          ????
>>  M20          ????
>>  M20 v2       ????
>>  RE1000       ????
>>  WAG120N      not supported
>>  WAG160N      not supported
>>  WAG160N v2   not supported
>>  WAG310G      not supported
>>  WAG320N      not supported
>>  WAG54G2      not supported
>>  WAP610N      not supported
>>  WRT110       not supported
>>  WRT120N      not supported
>>  WRT160N v1   supported
>>  WRT160N v2   not supported
>>  WRT160N v3   supported
>>  WRT160NL     supported
>>  WRT310N v1   supported
>>  WRT310N v2   not supported yet
>>  WRT320N      supported
>>  WRT400N      supported
>>  WRT54G2 v1   supported
>>  WRT54G2 v1.3 supported
>>  WRT54G2 v1.5 not supported
>>  WRT54GS2 v1  supported
>>  WRT610N v1   supported
>>  WRT610N v2   supported
>>  X2000        not supported
>>  X2000 v2     not supported
>>  X3000        not supported.
>> 
>> _________________________________________________________________________
>> 
>> "Fixing?  Heh.
>> 
>> Aside from rate limiting WPS, there isn't much of a fix, and you can't turn 
>> it off either."
>> _________________________________________________________________________
>> 
>> What about removing WuPS entirely?
>> 
>> WuPS is a total failure because:
>> 
>> 1. Even if everything is fine 8 digits long is very weak because once you 
>> got the pin after 7 month - 2 years for example, you are completely pwned.
>> 
>> 2. Pin number is fixed you can't change it to a longer number or maybe a 
>> string like "omgponnies"
>> 
>> 3. Setting up a WPA2 password manually it's a piece of cake (even with 
>> keypad only cell phones), if some people are lazy, you don't have to 
>> weakening the security of a strong protocol.
>> 
>> Farth Vader
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: Alex Buie

References:
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: farthvader
- Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
  - From: Rob Fuller

Prev by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Next by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Previous by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Next by thread: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Index(es):
- Date
- Thread