Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers
Eduardo Novella Lorente, Carlo Meijer, and Roel Verdult, Radboud University
Awarded Best Student Paper!
A wireless router is a networking device that enables a user to set up a wireless connection to the Internet. A router can offer a secure channel by cryptographic means which provides authenticity and confidentiality. Nowadays, almost all routers use a secure channel by default that is based on Wi-Fi Protected Access II (WPA2). This is a security protocol which is believed not to be susceptible to practical key recovery attacks. However, the passwords should have sufficient entropy to avert brute-force attacks.
In this paper, we compose a strategy on how to reverse-engineer embedded routers. Furthermore, we describe a procedure that can instantly gather a complete wireless authentication trace which enables an offline password recovery attack. Finally, we present a number of use cases where we identify extremely weak password generating algorithms in various routers which are massively deployed in The Netherlands.
The algorithms are used to generate the default WPA2 password. Such a password is loaded during device initialization and hardware reset. Users that did not explicitly change their wireless password are most likely vulnerable to practical attacks which can recover their password within minutes. A stolen password allows an adversary to abuse someone else’s internet connection, for instance compromising the firewall, making a fraudulent transaction or performing other criminal activities. Together with the Dutch National Cyber Security Centre we have initiated a responsible disclosure procedure. However, since these routers are also used by many other companies in various countries, our findings seem to relate to an international industry-wide security issue.
author = {Eduardo Novella Lorente and Carlo Meijer and Roel Verdult},
title = {Scrutinizing {WPA2} Password Generating Algorithms in Wireless Routers},
booktitle = {9th USENIX Workshop on Offensive Technologies (WOOT 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/lorente},
publisher = {USENIX Association},
month = aug
}