A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

TalkTalk DSL-3680 WPS security vulnerability



 
 
Thread Tools Display Modes
  #1  
Old December 21st 14, 12:06 AM posted to uk.telecom.broadband
Masta Ace
external usenet poster
 
Posts: 5
Default TalkTalk DSL-3680 WPS security vulnerability

It's not Reaver this time.

The hack tool Dumpper is able to obtain the TalkTalk DSL-3680 WPS PIN in
about one second. WPS PIN is enabled by default on the router, so once
obtained full wi-fi access is granted.

In addition, the default DSL-3680 SSID contains a set of hexadecimal
characters. When the characters are converted to decimal, it reveals 7
of the 8 digits of the WPS PIN. The final digit can of course just be
gained by trial and error.

Very poor wi-fi security on this router.
  #2  
Old December 21st 14, 12:52 AM posted to uk.telecom.broadband
Woody
external usenet poster
 
Posts: 759
Default TalkTalk DSL-3680 WPS security vulnerability

"Masta Ace" wrote in message
...
It's not Reaver this time.

The hack tool Dumpper is able to obtain the TalkTalk
DSL-3680 WPS PIN in about one second. WPS PIN is enabled
by default on the router, so once obtained full wi-fi
access is granted.

In addition, the default DSL-3680 SSID contains a set of
hexadecimal characters. When the characters are converted
to decimal, it reveals 7 of the 8 digits of the WPS PIN.
The final digit can of course just be gained by trial and
error.

Very poor wi-fi security on this router.




What is the underlying make - D-Link, Huawei, or some other?


--
Woody

harrogate three at ntlworld dot com


  #3  
Old December 21st 14, 01:19 AM posted to uk.telecom.broadband
Masta Ace
external usenet poster
 
Posts: 5
Default TalkTalk DSL-3680 WPS security vulnerability

On 20/12/2014 23:52, Woody wrote:
What is the underlying make - D-Link, Huawei, or some other?


It's manufactured for TalkTalk by D-Link.
  #4  
Old December 21st 14, 10:32 AM posted to uk.telecom.broadband
grinch
external usenet poster
 
Posts: 70
Default TalkTalk DSL-3680 WPS security vulnerability

On 21/12/14 00:19, Masta Ace wrote:
On 20/12/2014 23:52, Woody wrote:
What is the underlying make - D-Link, Huawei, or some other?


It's manufactured for TalkTalk by D-Link.


The fact that WPS is vulnerable has been around for a number of years ,I
turned it off on my internal AP about 4 years ago.
  #5  
Old December 21st 14, 01:06 PM posted to uk.telecom.broadband
Roderick Stewart
external usenet poster
 
Posts: 573
Default TalkTalk DSL-3680 WPS security vulnerability

On Sun, 21 Dec 2014 09:32:00 +0000, grinch
wrote:

On 21/12/14 00:19, Masta Ace wrote:
On 20/12/2014 23:52, Woody wrote:
What is the underlying make - D-Link, Huawei, or some other?


It's manufactured for TalkTalk by D-Link.


The fact that WPS is vulnerable has been around for a number of years ,I
turned it off on my internal AP about 4 years ago.


Likewise. I never use it, as it appears to be completely superfluous
and therefore just something else to go wrong. Why anybody thinks that
typing a PIN to get connected is any easier than typing a password to
get connected is utterly beyond me.

Rod.
  #6  
Old December 21st 14, 01:53 PM posted to uk.telecom.broadband
Masta Ace
external usenet poster
 
Posts: 5
Default TalkTalk DSL-3680 WPS security vulnerability

On 21/12/2014 12:06, Roderick Stewart wrote:

Likewise. I never use it, as it appears to be completely superfluous
and therefore just something else to go wrong. Why anybody thinks that
typing a PIN to get connected is any easier than typing a password to
get connected is utterly beyond me.


Yup, I can confirm disabling WPS on the DSL-3680 makes the attack
impossible. Sadly these routers in their default state, which probably
number in the millions, have WPS enabled. I suspect the vast majority of
TalkTalk customers will not go into "advanced" settings to disable it.
  #7  
Old December 21st 14, 01:54 PM posted to uk.telecom.broadband
Woody
external usenet poster
 
Posts: 759
Default TalkTalk DSL-3680 WPS security vulnerability

"Roderick Stewart" wrote in
message news
On Sun, 21 Dec 2014 09:32:00 +0000, grinch

wrote:

On 21/12/14 00:19, Masta Ace wrote:
On 20/12/2014 23:52, Woody wrote:
What is the underlying make - D-Link, Huawei, or some
other?

It's manufactured for TalkTalk by D-Link.


The fact that WPS is vulnerable has been around for a
number of years ,I
turned it off on my internal AP about 4 years ago.


Likewise. I never use it, as it appears to be completely
superfluous
and therefore just something else to go wrong. Why anybody
thinks that
typing a PIN to get connected is any easier than typing a
password to
get connected is utterly beyond me.



Yes and, er, no?

The WPS method is (I think) really intended for connect dumb
items - like a wireless printer where, unless the user has
the know-how to connect to the printer and set it up, it is
impossible to enter a key be that text or PIN. Having been
playing with such of late my belief is that the handshake
should be printer initiated so removing a possible router
access vulnerability.


--
Woody

harrogate three at ntlworld dot com


  #8  
Old December 21st 14, 02:01 PM posted to uk.telecom.broadband
Masta Ace
external usenet poster
 
Posts: 5
Default TalkTalk DSL-3680 WPS security vulnerability

On 21/12/2014 12:54, Woody wrote:

Yes and, er, no?

The WPS method is (I think) really intended for connect dumb
items - like a wireless printer where, unless the user has
the know-how to connect to the printer and set it up, it is
impossible to enter a key be that text or PIN. Having been
playing with such of late my belief is that the handshake
should be printer initiated so removing a possible router
access vulnerability.


WPS exist in two variants, Push Button and PIN. From what I have seen,
Push Button is pretty safe, and can exist separately from the PIN method
(e.g. the latest Home Hubs).

It's the PIN method of WPS that seems to be riddled with security holes.
But the DSL-3680 goes one step further by broadcasting 7 of the 8 digits
of the PIN in the SSID, which is just madness. It's no worse than a
manufacturer making the default SSID the WPA key in reverse.
  #9  
Old December 21st 14, 04:19 PM posted to uk.telecom.broadband
Roderick Stewart
external usenet poster
 
Posts: 573
Default TalkTalk DSL-3680 WPS security vulnerability

On Sun, 21 Dec 2014 12:54:25 -0000, "Woody"
wrote:

The fact that WPS is vulnerable has been around for a
number of years ,I
turned it off on my internal AP about 4 years ago.


Likewise. I never use it, as it appears to be completely
superfluous
and therefore just something else to go wrong. Why anybody
thinks that
typing a PIN to get connected is any easier than typing a
password to
get connected is utterly beyond me.



Yes and, er, no?

The WPS method is (I think) really intended for connect dumb
items - like a wireless printer where, unless the user has
the know-how to connect to the printer and set it up, it is
impossible to enter a key be that text or PIN. Having been
playing with such of late my belief is that the handshake
should be printer initiated so removing a possible router
access vulnerability.


You need more or less the same know-how to log in to a network printer
via its IP address and password as you do to log in to a router,
access point, bridge, backup drive or any other local network device.
The fact that it's a printer shouldn't offer any additional obstacles.

The additional complication of another system however, over and above
the existing IP/username/password system is, IMHO, something that the
inexperienced do not need. Automatics are fine until they go wrong,
and then you're worse of than without them.

Rod.
  #10  
Old January 1st 15, 04:05 AM posted to uk.telecom.broadband
Brian Gregory
external usenet poster
 
Posts: 123
Default TalkTalk DSL-3680 WPS security vulnerability

On 21/12/2014 12:06, Roderick Stewart wrote:
Likewise. I never use it, as it appears to be completely superfluous
and therefore just something else to go wrong. Why anybody thinks that
typing a PIN to get connected is any easier than typing a password to
get connected is utterly beyond me.


You should be using a password that is way harder to type than a short
PIN. I would recommend a minimum of 40 randomly chosen characters.

--

Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
TalkTalk security or rather lack of if true. Weatherlawyer uk.telecom.broadband (UK broadband) 0 August 14th 07 06:03 PM
Security Roy Amin uk.comp.home-networking (UK home networking) 49 November 19th 06 04:55 PM
Maybe OT - Asterisk vulnerability reported ▀°dincÁs uk.telecom.voip (UK VOIP) 2 June 27th 05 06:39 PM
VPN Security Geoff Lane uk.comp.home-networking (UK home networking) 0 April 18th 05 09:26 PM
ad hoc security Jim uk.comp.home-networking (UK home networking) 23 November 30th 04 10:29 AM


All times are GMT +1. The time now is 09:57 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright ę2004-2019 BroadbanterBanter.
The comments are property of their posters.