Some notes on residential broadband wireless

WPA2 is ten years old
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

To recover the key for a system, you don't need the passphrase that was used to generate it; you can come up with any other passphrase that equates to the same key after processing.

With the SSID as the salt (which can be read using wi-fi sniffing sytems such as Aircrack-ng) this makes is easy using modern computers to create rainbow tables and the like. For a criminal based in a residential environment, this can make things worthwhile as the newer standards cover more distance and thus don't require the criminal to invest in a little extra equipment.

To quote Aircrack-NG - http://www.aircrack-ng.org/doku.php?id=cracking_wpa - "It can take hours, if not days, to crunch through a large dictionary." - and that isn't as much time as some people might think. Using external cloud services, this time can be reduced and can save a hacker having to obtain a PS3 chip to do the work.

Rainbow tables are available for common SSIDs; a pastebin of the top 1000 SSID keys are here; so don't use any of them!

Once a decent dictionary has been created, then no matter how often you change the password, it is not too hard for a criminal to re-crack your new password.

TKIP can be hacked
https://learningnetwork.cisco.com/thread/43091

AES can be hacked
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
128 bit keys require 2 to the power of 126.1 or 9.1176403e+37 - that's 911,764,030,000,000,000,000,000,000,000,000,000,000 operations. Or actually, as ths paper discusses, 1.8357543e+33 which is 1,835,754,200,000,000,000,000,000,000,000,000. Not unhackable with current processing power. Criminals are utilising all sorts of techniques and remember, if the user doesn't change the SSID and you are in a residential environment then this action could prove worthwhile. See what I previously said in the Aircrack-NG statement.

256 bits won't save you - http://eprint.iacr.org/2009/374
"In this paper we describe several attacks which can break {\it with practical complexity} variants of AES-256 whose number of rounds are comparable to that of AES-128. ... While neither AES-128 nor AES-256 can be directly broken by these attacks, the fact that their hybrid (which combines the smaller number of rounds from AES-128 along with the larger key size from AES-256) can be broken with such a low complexity raises serious concern about the remaining safety margin offered by the AES family of cryptosystems."

Another of the concerning things is that some modern units such as some Netgear units I have had the displeasure of configuring, didn't even have the option to stop management by internal wi-fi; so the box can be accessed by any device on the wi-fi channel. Once they're in, they can then start attacking the router itself without having to compromise an internal machine first.

Another issue is that some wireless units allow you to specify WPA2 with TKIP/AES, so use a conjoined format which doesn't allow you to turn off TKIP; therefore your router is vulnerable through the TKIP attacks. Part of this is all down to keeping your devices up to date - https://supportforums.cisco.com/thread/2156790

"Registration" or MAC address filtering fails because all the hacker needs to do is wait until the legitimate device is detached from the home network, and spoof their MAC address. eg. a mobile phone which goes with you to work.

Hiding the SSID key is thought by conventional wisdom, to be a problem because it allows the set up of another unit, by the hacker, with the same SSID and then allows them to capture traffic from a legitimate device by being a broadcast SSID; when they can then analyse.

Other steps to confound a hacker...

One-time pass keys which operate on a per-device basis. Router and device have enough storage to maintain a list of much longer, automatically generated keys which would push the complexity of a key way above current commercially available processors. With an identification sub-key, it would severely hamper simple MAC code cloning. To the user, distribution of a key can be done via bluetooth or a memory card and generated by the router by the press of a key. This is something which would need to be built in to a future standard. It would also allow a per-device filtering so that control could be maintained which would allow children's devices to be barred after a certain time, or filtered for inappropriate content.

Another would be, as mysticsam86 put forward, a captive portal. This would require a username/password combination in order to achieve access to the Internet itself. It is a solution which can be built in to future routers without having to require a standards change. It would also allow another feature; notification. At present, there is no easy way for a home user to determine whether they have been hacked. If a hacker were to try a brute force attack on the captive portal, however, then it is possible for the unit to send an e-mail, or flash a light, when too many incorrect attempts have been detected.

The down side to this is that after a re-connect, a password would have to be entered in to a device in order to be allowed past the captive portal; and the only reasonable way to do this is to require the password for all ports, not only HTTP and HTTPS.

So how do you keep yourself safe?
  • Change your SSID every week.
  • Turn off TKIP if you can and only use WPA2/AES.
  • Manufacturers need to stop using the SSID key as the salt.
  • Ensure you're router can't be "managed" from the internal wi-fi. If it can, then return the router.
  • Keep your SSID visible. Hackers can sniff it anyway.

5 comments:

beanfarmer said...

hay shell haven't had a chance to read the post in full yet but from what i can see plusnet are supplying you with a 3 year old router, anyways as previously suggested to you what about a firewall (like smoothwall or something) i know theres a hardware cost involved (and all the power usage/fan noise that goes with that, but you are bound to have an oldish machine laying around and wifi cards are cheap enough or what about using the little linux machine on your desk with a wifi dongle as the base station? hmmm think we need to skype it up again :P

Michelle said...

Yeh, skryping it up again sounds like an option; but I go to bed at about 11pm usually - I noticed the 1am-ish missed call :-D

I have a "contact" (read that loosely) within Netgear and I've mailed them this morning with some requirements/suggestions. They'll probably have to refer to the US. I'm not expecting them to get back to me for some time.

This is going to be a long haul thing.

Michelle said...

In actual fact, the FitPC doesn't need a dongle - it has wi-fi built in.

You know, that's actually a good suggestion given that it is on all the time. Good thinking SpexMan! (thumbs up)

D'rcy Bromley said...

I would use PFSence. www.pfsense.org/
just a small PC with a linux distro and a wireless card and you can lock it down. I have used in in my networks and haven’t had any issues

D'rcy Bromley said...

Try PFSence www.pfsense.org/. I have used it and have had no issues. Just a bit of setup time and there you go.

 
TNB | Distributed by Deluxe Templates