How To Bruteforce A Wpa Fon Wlan
|
|
|
||||||||||||
Description:
In this video, Myownremote shows us how to bruteforce a Fon AP running WPA. The interesting thing which he notes, is that a Fon AP's default WPA passphrase is it's serial number, printed under the box. These serial numbers are sequential, thus making it very easy to guess their entire range.
Myownremote finds a Fon AP and waits for a WPA handshake to happen (though he could have sent a Deauthentication packet to break the existing connection and speed things up) and then runs Aircrack-ng on it. He also supplies the entire range of passphrases (serial numbers) to Aircrack-ng to use as possible passphrases. Within a minute or so, Aircrack-ng cracks the WPA passphrase of the Fon AP.
This video goes on to show, that out of the box devices with default configurations will always be insecure. Fon did try to be innovative by using the serial number. But the fact that the entire serial number range was made trivial to guess, was the killer :)
Thanks go out to Myownremote (myownremote [] googlemail [] com) for submitting this video to us. You can visit his site here.
Myownremote finds a Fon AP and waits for a WPA handshake to happen (though he could have sent a Deauthentication packet to break the existing connection and speed things up) and then runs Aircrack-ng on it. He also supplies the entire range of passphrases (serial numbers) to Aircrack-ng to use as possible passphrases. Within a minute or so, Aircrack-ng cracks the WPA passphrase of the Fon AP.
This video goes on to show, that out of the box devices with default configurations will always be insecure. Fon did try to be innovative by using the serial number. But the fact that the entire serial number range was made trivial to guess, was the killer :)
Thanks go out to Myownremote (myownremote [] googlemail [] com) for submitting this video to us. You can visit his site here.