SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
How to Bruteforce a WPA Fon Wlan
In this video, Myownremote shows us how to bruteforce a Fon AP running WPA. The interesting thing which he notes, is that a Fon AP's default WPA passphrase is it's serial number, printed under the box. These serial numbers are sequential, thus making it very easy to guess their entire range.
Myownremote finds a Fon AP and waits for a WPA handshake to happen (though he could have sent a Deauthentication packet to break the existing connection and speed things up) and then runs Aircrack-ng on it. He also supplies the entire range of passphrases (serial numbers) to Aircrack-ng to use as possible passphrases. Within a minute or so, Aircrack-ng cracks the WPA passphrase of the Fon AP.
This video goes on to show, that out of the box devices with default configurations will always be insecure. Fon did try to be innovative by using the serial number. But the fact that the entire serial number range was made trivial to guess, was the killer :)
Thanks go out to Myownremote (myownremote [] googlemail [] com) for submitting this video to us. You can visit his site here.
Myownremote finds a Fon AP and waits for a WPA handshake to happen (though he could have sent a Deauthentication packet to break the existing connection and speed things up) and then runs Aircrack-ng on it. He also supplies the entire range of passphrases (serial numbers) to Aircrack-ng to use as possible passphrases. Within a minute or so, Aircrack-ng cracks the WPA passphrase of the Fon AP.
This video goes on to show, that out of the box devices with default configurations will always be insecure. Fon did try to be innovative by using the serial number. But the fact that the entire serial number range was made trivial to guess, was the killer :)
Thanks go out to Myownremote (myownremote [] googlemail [] com) for submitting this video to us. You can visit his site here.
Related Videos from: Advanced Wireless Hacking
 |  | .jpg) |  | ||
You are Viewing this Video Now! | |||||
5990 views | 9150 views | 2078 views | 2443 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |