An Offline attack shows Wi-Fi routers still vulnerable to hackers

An attack can break into some common Wi-Fi routers, via a configuration feature.

A researcher has refined an attack on wireless routers with poorly implemented versions of the Wi-Fi Protected Setup (WPS) that allows someone to quickly gain access to a router's network & enjoy "Free" Internet.

This attack exploits weak randomization of the router in a key used to authenticate hardware PINs on some implementations of WPS, allowing anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than attempting to brute-force guess the numerical password.

The previous attacks require up to 11,000 guesse and approximately four hours to find the correct PIN to access the router's WPS functionality, also the Reaver tool from Backtrack is dead as the router locks itself in an online attack. But the new attack only requires a single guess and a series of offline calculations, according to Dominique Bongard, reverse engineer and founder of 0xcite, a Swiss security firm as he says "It takes one second," "It's nothing. Bang. Done."

An attack using Backtrack 5 (click to zoom)

The problem affects the implementations provided by two chipset manufacturers, Broadcom and a second vendor whom Bongard asked not to be named until they have had a chance to remediate the problem.

Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.

The attack was originally demonstrated at the Black Hat security conference in early August, on the previous work published by Stefan Viehböck in late 2011. Viehböck found a number of design flaws in Wi-Fi Protected Setup, but most significantly, he found that the PIN needed to complete the setup of a wireless router could be broken into smaller parts and each part attacked separately. By breaking down the key, the number of attempts an attacker would have to try before finding the key shrunk from an untenable 100 million down to a paltry 11,000—a significant flaw for any access-control technology.

We'll be posting a post next week instructing how to hack a wifi network using Backtrack 5, so stay back!

Source : Arstechnica

Snowden claims NSA (accidentally) took Syria off the internet!

Back in late 2012, situation around Damascus was very sensitive, and suddenly all internet services in and out of Syria was suddenly shut down.

All the blame went to the Assad government, claiming that the regime had deliberately cut off communications to prevent the outside world from seeing what was happening in the country.

Technology firm Cloudflare published a detailed blog post, entitled “How Syria turned off the internet”, in an attempt to explain the outage and debunk claims by Syrian authorities that it was the result of a technical failure:

“While we cannot know for sure, our network team estimates that Syria likely has a small number of edge routers. All the edge routers are controlled by Syrian Telecommunications. The systematic way in which routes were withdrawn suggests that this was done through updates in router configurations, not through a physical failure or cable cut.”

But now the Mystery unfolds, In an interview with Wired, whistleblower Edward Snowden presented a different opinion: that the Syrian internet shutdown was the result of an NSA hack that went wrong:

The Internet Blackout

"One day an intelligence officer told him that TAO — a division of NSA hackers — had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead — rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible. (This is the first time the claim has been revealed.)

Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”

Hence it appears that Cloudflare was correct right back in 2012 when they stated the issue was due to a problematical router update. Just that it was done by the NSA hackers, rather than the Syrians.
It's really doubtful that NSA was so capable to knock off an entire country off the internet grid! While Ars Technica had stated that Syrian telecoms chiefs might have decided to withdraw Syrian networks from internet routing tables as a precautionary measure, while it investigated what had happened to its router.

It’s hard to say if Snowden is telling the truth, also the NSA won't willingly admit to any hacking it was doing against another country, and the Syrian authorities have got more other matters to solve about than investigate an internet problem that happened two years ago.

And if it's true, then seriously NSA must stop such activities, atleast don't make such mistakes, we know how tough it is to live without internet! "The Living Dead"


Source