No Real Security with WPA2-PSK Wireless Network

I had assumed it was quite difficult or at least time consuming for anyone to break into a password protected WPA2-PSK encrypted wireless network. I'm still a novice or a learner when it comes to computer networking, so I realized this could be untrue.

Some days ago, my 9-year-old nephew visited my parents' home, where I had set up a WPA2-PSK encrypted network with what I know to be a strong password for both the router and the security phrase.

When I arrived back at my parents' home, I found out that my nephew was somehow able to use the password-protected network. There was no way he could have known the network password himself. I don't mind if my nephew uses our network, but it shows there are serious holes in the security of a WPA wireless network if he was able to bypass the password.

My parents later told me that while I was away, my nephew was unable to connect to the network, and so used his cell phone and called his father (my brother-in-law). In just a short time, my brother-in-law explained to my nephew how to bypass the password on our wireless network and use the internet. My parents are not too happy about what happened and did not realize what my nephew and brother-in-law were doing at the time.

And by the way, my brother-in-law is a cyber-criminal and a felon who also uses his children to steal items, so I do not like my parents' network being vulnerable to this guy.

No matter what password is used to protect the network and no matter how complicated, my brother-in-law uses some type of technique to bypass them. And as demonstrated by the story above, he even uses his own children to bypass our network security.

I would greatly appreciate it if some users could instruct me on how to better secure my parents' WPA2-PSK network from this criminal to prevent the breach from happening again. And if he was able to break through, then I'm guessing it really isn't too difficult for others to breach the security of a WPA2-PSK network either.


Please offer some advice and thanks for reading.
 
No, there's no feasible way to crack WPA2-PSK, certainly not for a 9-year-old.

If you have physical access to the router, it's trivial to reset it / log in and turn off wireless security.

Why don't you ask your uncle (or nephew if you aren't exactly on speaking terms with your uncle) exactly what technique he used? I guarantee he didn't crack your password or do anything else to bypass it in the air.
 
So, your bro-in-law walked your nephew through logging into the router through a wired connection and looking up the password?

Change the log in password on your damn router!!!

But as spnge put it, if someone has physical access to your router they can just push the reset button and use it that way.
 
Dude, he probably just pressed the WPS button on the front of the router, which allows you to connect without knowing the pre-shared key. This is by design. Routers aren't designed to keep people out who have physical access.
 
With physical access to the router anything is possible, and in relatively short time. If you have the WPS feature, turn it off and read up on "Reaver". Again, with physical access all it takes is a quick reset of the router and any security you might have implemented will be washed away. So make sure you look that baby up if you are truly paranoid.
 
As already stated, no software security replaces the need for good physical security. Which is why most parents' attempts to prevent little Johnny from surfing porn are futile at best.
 
This is why my wireless network is separate from my main network.

Though our hospital uses WPA2 for the medical network, so I figure if it's good enough for a hospital it must be good enough for me. I have a few "touchy" things on that network such as my HVAC control, but the back end has some security measures that disallow setting ridiculously high/low temps or doing stuff that could damage the system.

There may be ways to gather enough traffic through Wireshark or something to decrypt, but I figured it was more complex than that. With WEP I think you only needed a small amount of traffic to be able to get the key.

And as mentioned if he had physical access to the router then he probably just reset or used that button feature.
 
The only WPA2 vulnerability I know of requires the exploiter to already be authenticated to the network.
 
Were there other wireless Windows devices around? If so, it is very simple to get the key from one of those devices. Just a few clicks.

[attached image: wlan-2.jpg]
 
I can rule out the following:

1) My nephew could not have logged into the router. I changed the default password to a strong one months ago for logging in. I have the password written down, and he could not have gotten access to it.

2) The router was not reset. The security settings when logging into the router and passwords are all the same as they were. I know the router reset button when pressed with a pen or pointed object resets all settings.

----------------------------

The router I am using does have WPS since I looked my model up. It is a newer model (early 2011). And my nephew did tell me all he did was hit some kind of refresh button and that gave him the password. Do you think he was just told over the phone to follow through on the WPS feature to gain access without the security pass phrase?

He was sitting near the router while he was using the internet, and that leads me to believe he was around it because he had to press certain buttons to connect.

If you have any additional insights or information, they would be greatly appreciated. Thanks.
 
Were there other wireless Windows devices around? If so, it is very simple to get the key from one of those devices. Just a few clicks.

[attached image: wlan-2.jpg]

Are there any Windows wireless devices where he could have just got the key without doing any work? It is only one click to view the key.
 
There is a pretty well known bug with WPS, I'm sure that's what he used.

Disable WPS entirely and you will be fine again.


It's either that, or he got the key off another computer as stated above.
 
There is no known flaw in WPA2 that allows key bypass/detection. I don't care how good you think someone is, it's VERY near impossible to crack it except for brute forcing. Reaver exploits WPS which is the equivalent to having a backdoor to Fort Knox in the first place. If you want true security, WPS needs to be disabled.

As you said "my brother-in-law is a cyber-criminal and a felon who also uses his children to steal items", you're already looking for the hard or nefarious reasoning behind this. Give it up, they did something easy.

And here is what happened: they used the WPS button.
 
I can rule out the following:

1) My nephew could not have logged into the router. I changed the default password to a strong one months ago for logging in. I have the password written down, and he could not have gotten access to it.

2) The router was not reset. The security settings when logging into the router and passwords are all the same as they were. I know the router reset button when pressed with a pen or pointed object resets all settings.

----------------------------

The router I am using does have WPS since I looked my model up. It is a newer model (early 2011). And my nephew did tell me all he did was hit some kind of refresh button and that gave him the password. Do you think he was just told over the phone to follow through on the WPS feature to gain access without the security pass phrase?

He was sitting near the router while he was using the internet, and that leads me to believe he was around it because he had to press certain buttons to connect.

If you have any additional insights or information, they would be greatly appreciated. Thanks.

A) If you wrote a password down, never discount the fact that someone did not find it. Don't write passwords down; use an application like KeePass instead. Always assume kids know more than you think, because usually they do. I hacked into a game company's private FTP server when I was 15.

B) If it has WPS and you can be certain he did not log into the router or reboot it, then WPS is what he used, unless he simply pulled the password from another Windows PC that was already authenticated as can be described.

Nobody, particularly a 9-year-old, even when coached by a "cyber criminal" (anyone with the right software can be a cyber criminal even if they don't have 2 brain cells to rub together) is going to break through WPA2-PSK encryption in a few minutes without access to the router or an authenticated PC. If it was something easily done then the entire world would be in pretty big trouble.

WEP encryption is another matter. That can be broken with little effort or time.
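The claim above, and the earlier one that WPA2-PSK has no known flaw except brute force, both rest on the cost of the passphrase-to-key mapping. The following is an added example, not code from any poster in this thread: it derives the WPA2 PSK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over passphrase and SSID, 4096 iterations), benchmarks how many candidate passphrases this host can test per second, and estimates how long exhausting a few constructed keyspaces would take. The candidate passphrases and keyspace sizes are constructed for illustration only; WPS is a separate online protocol and is not modelled here.

```python
import hashlib
import time

WPA2_ITERATIONS = 4096   # fixed by IEEE 802.11i for the passphrase-to-PSK mapping
PSK_LEN = 32             # 256-bit Pairwise Master Key


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Map a passphrase and SSID to the 256-bit PSK (IEEE 802.11i, PBKDF2-HMAC-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), WPA2_ITERATIONS, PSK_LEN)


def guesses_per_second(ssid: str, sample: int = 200) -> float:
    """Benchmark single-threaded PBKDF2 throughput on this host.

    The candidate passphrases are constructed dummies; only the cost of the
    derivation matters, not what is being guessed."""
    start = time.perf_counter()
    for i in range(sample):
        wpa2_psk(f"candidate{i:08d}", ssid)
    return sample / (time.perf_counter() - start)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of a given length over an alphabet of that size."""
    return alphabet_size ** length


def years_to_exhaust(space: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Known test vector from IEEE 802.11i: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    rate = guesses_per_second("IEEE")
    print(f"~{rate:,.0f} PBKDF2 guesses/second on this host (single thread)")
    # Constructed keyspaces; 8 characters is the WPA2 passphrase minimum.
    spaces = {
        "8 digits": keyspace(10, 8),
        "8 lowercase letters": keyspace(26, 8),
        "12 chars, 95 printable ASCII": keyspace(95, 12),
    }
    for label, space in spaces.items():
        print(f"{label:30s} {years_to_exhaust(space, rate):.3g} years")
```

A single CPU core manages only thousands of derivations per second and GPU crackers are orders of magnitude faster, so the passphrase length and alphabet, not the algorithm, decide whether an offline brute-force attempt is feasible.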
 
Have fun breaking into my setup. I get SNMP alerts direct to my cell the second an event happens that I have defined such as logging into my router or switches etc...

To my understanding there is no real easy way to crack an AES-encrypted wireless signal, and if you are like me, you change the crypto change-over time to far less than most routers' default of 3600 seconds.
 
He could not have gained access to any passwords from any paper files laying around as someone suggested. I carry all passwords with me in my backpack and I was not there when he gained access to the network.

My guess is he used the WPS feature. WPS was not disabled in the router advanced wireless settings; I just checked. I have it disabled now, however. At least it's disabled regarding access via the security PIN number etched on the router.

Another poster responded that he could have easily gained access to the network key from other wireless Windows devices connected to the network. Our network has several laptops and televisions connected to it. Therefore this is a possibility. If he was coached to use this method, could he now have the network security pass phrase in-hand by writing it down? Or is the password copied from those other devices into asterisk form? Thus do you think I should now change the network pass phrase to something else or is this unnecessary? I would appreciate a step-by-step procedure on how to replicate such a method for gaining access to a network pass phrase.

Regarding Reaver, he could not have used it. Based on my readings on this hacking software, it takes hours for that program to crack the PIN number of a router, and my nephew managed to gain access within minutes via advice from my brother-in-law on the phone. It had to have been a much simpler and more obvious way than Reaver.

Could someone instruct me on how to replicate what he did using WPS? Which button is it on a router? Is it on the front of the device? The manufacturer of my router is Netgear and the model is a WNDR3700 if that helps.

Thanks.
 
It's not rocket science: you try to connect wirelessly, and when it asks for a password, you press the WPS button, a big giant button on the router, which then looks for recent requests for authentication and grants them.

So easy a 9-year-old coached by a 'cyber-criminal' can do it...
 
Yeah, I doubt he used the WPS exploit.... With physical access he probably just used it as intended.... or.... pulled the passphrase from already connected devices.
 
He could not have gained access to any passwords from any paper files laying around as someone suggested. I carry all passwords with me in my backpack and I was not there when he gained access to the network.

My guess is he used the WPS feature. WPS was not disabled in the router advanced wireless settings; I just checked. I have it disabled now, however. At least it's disabled regarding access via the security PIN number etched on the router.

Another poster responded that he could have easily gained access to the network key from other wireless Windows devices connected to the network. Our network has several laptops and televisions connected to it. Therefore this is a possibility. If he was coached to use this method, could he now have the network security pass phrase in-hand by writing it down? Or is the password copied from those other devices into asterisk form? Thus do you think I should now change the network pass phrase to something else or is this unnecessary? I would appreciate a step-by-step procedure on how to replicate such a method for gaining access to a network pass phrase.

Regarding Reaver, he could not have used it. Based on my readings on this hacking software, it takes hours for that program to crack the PIN number of a router, and my nephew managed to gain access within minutes via advice from my brother-in-law on the phone. It had to have been a much simpler and more obvious way than Reaver.

Could someone instruct me on how to replicate what he did using WPS? Which button is it on a router? Is it on the front of the device? The manufacturer of my router is Netgear and the model is a WNDR3700 if that helps.

Thanks.

If you look at the images above, you'll see a "Show characters" checkbox. This unmasks the network password, and then it's just a matter of writing it down. Almost all devices will allow you to do this.
 
Haha, the very reason I'm going to have my Server 2008 run a RADIUS service. Haha, I will use Enterprise WPA.
 
A) If you wrote a password down, never discount the fact that someone did not find it. Don't write passwords down; use an application like KeePass instead. Always assume kids know more than you think, because usually they do. I hacked into a game company's private FTP server when I was 15.

He could not have gained access to any passwords from any paper files laying around as someone suggested. I carry all passwords with me in my backpack and I was not there when he gained access to the network.

I certainly didn't mention paper files laying around, or even that he had access to the passwords at that time. Has he ever had access to your backpack unattended? You may "know" he doesn't have the passwords, but when I was a kid, I had all my parents' passwords, and they were kept in a locked drawer in a locked bedroom. Never stopped me...

B) If it has WPS and you can be certain he did not log into the router or reboot it, then WPS is what he used, unless he simply pulled the password from another Windows PC that was already authenticated as can be described.


Another poster responded that he could have easily gained access to the network key from other wireless Windows devices connected to the network. Our network has several laptops and televisions connected to it. Therefore this is a possibility. If he was coached to use this method, could he now have the network security pass phrase in-hand by writing it down? Or is the password copied from those other devices into asterisk form? Thus do you think I should now change the network pass phrase to something else or is this unnecessary? I would appreciate a step-by-step procedure on how to replicate such a method for gaining access to a network pass phrase.

1) Right-click the wireless icon in the Notification area of the Windows Task Bar and select Open Network and Sharing Center.

2) Click on Manage wireless networks.

3) Double-click your wireless network.

4) Click on the Security tab.

5) Checkmark Show characters.

Congrats, you now have the wireless password for the network. This is why in an enterprise environment, the option to access Wireless Adapter settings is generally restricted, and User authentication is used instead of a shared password.
 
This is why in an enterprise environment, the option to access Wireless Adapter settings is generally restricted, and User authentication is used instead of a shared password.
An enterprise environment shouldn't really concern itself with this level of access control. It should have better ways of blocking all unauthorized devices (wired and wireless).
 
Does your router have guest access enabled?

Most of the new routers have that feature.
 
I think the biggest concern to me is not the fact that he got into your network....


The biggest concern to me is that you allow a kid who has been used in the past as a criminal's tool/accessory to break into and steal stuff all alone in your house unsupervised....

The easiest way to stop this activity or any potential future threat is to not allow the brother-in-law over nor any of his kids... especially unsupervised. Why not stop the source of the problem rather than trying to find a workaround that is not going to work (if the kid has access to any physical devices already on the network or already authenticated, he can get access).
 
MAC address filtering is trivial to defeat; I would not even call it a security layer, more just an obfuscation layer.

Maybe, but additional layers always help, especially when dealing with 9-year-olds who have zero skills but are being "remote desktoped" into from a crazy BIL.
 
I think the biggest concern to me is not the fact that he got into your network....


The biggest concern to me is that you allow a kid who has been used in the past as a criminal's tool/accessory to break into and steal stuff all alone in your house unsupervised....

The easiest way to stop this activity or any potential future threat is to not allow the brother-in-law over nor any of his kids... especially unsupervised. Why not stop the source of the problem rather than trying to find a workaround that is not going to work (if the kid has access to any physical devices already on the network or already authenticated, he can get access).

QFT. The best summary of the issue I've seen yet.
 