2012-01-06
A practical demo of the latest attack on ...
A practical demo of the latest attack on WiFi security: Hands-on: hacking WiFi Protected Setup with Reaver - Ars Technica shows that it is quite easy to attack WiFi access-points which use WiFi Protected Setup (WPS). The idea behind WPS is that good WPA2 keys are difficult to remember and difficult to reliably copy from the access-point to the client system. WPS uses a PIN hard-coded in the access-point and a client which understands WPS can access the WPA2 key when it has the WPS pin. But a vulnerability in the WPS system allows malicious clients to find the WPS pin (which cannot be changed..) which allows access to the current WPA2 key. So even if you change the WPA2 key, the WPS pin will still allow access to it. WiFi security seems to be a constant arms race. And keeping the balance between security and accessibility is also important.