
Android Can Now Hack WiFi!

ionbasa

A few clever people managed to get monitor mode enabled on two Broadcom wireless chipsets by reverse engineering the radio's firmware!

 

 

The WiFi adapter in your laptop has a special mode – monitor mode – that can be used to listen in on WiFi traffic and, with a little patience, can be used to crack a WEP password. Surprisingly, this monitor mode can’t be found on any Android device due in part to the limitations of the hardware. A group of three researchers, [Ruby], [Yuval], and [Omri], decided to spend their vacation adding monitor mode to their Android smartphones, allowing for a much more portable version of WiFi pwnage tools. The phones used by the researchers – the Nexus One and Galaxy S II – used Broadcom chipsets that didn’t support monitor mode. To get around this limitation and allow the OS to see full 802.11 frames the team needed to reverse engineer the firmware of this Broadcom radio chip.

http://hackaday.com/2012/09/18/android-hack-cracking-wifi-passwords-with-your-phone/

 

One month later someone over at the XDA-Developers forum developed a GUI powered by Reaver, and thus Android is now able to crack WiFi APs that have WPS enabled:

http://forum.xda-developers.com/showthread.php?t=2456888

What is Reaver?
Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-Key.
Reaver provides only a terminal interface, which is ok for Notebooks etc., however it's a pain on Android devices.
Because of this I developed RfA.

 

 

Thoughts? I have already tested it on my network, I keep WPS disabled because of this. I also have DD-WRT running on my router, I suggest others follow suit, as manufacturers are known for leaving default "WPS" keys enabled on their routers. This is also exciting as previously the only real way to have anything remotely close was to use a Network Penetration testing Suite/OS such as Backtrack or Kali Linux. Now Network admins and others can test their WiFi security from their mobile phones, (and get internet when on vacation  ;) ).

▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀

Please remember to mark a thread as solved if your issue has been fixed, it helps other who may stumble across the thread at a later point in time.


Sorry for my network ignorance, but what is WPS?


Sorry for my network ignorance, but what is WPS?

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup


Thoughts? I have already tested it on my network, I keep WPS disabled because of this. I also have DD-WRT running on my router, I suggest others follow suit, as manufacturers are known for leaving default "WPS" keys enabled on their routers. This is also exciting as previously the only real way to have anything remotely close was to use a Network Penetration testing Suite/OS such as Backtrack or Kali Linux. Now Network admins and others can test their WiFi security from their mobile phones, (and get internet when on vacation  ;) ).

You can do it in Windows and OS X as well.

 

Anyway I think this is interesting, but not really useful in any way. We have had these kinds of tools for a long time, it's just that we can now do it on some phones as well.


You can do it in Windows and OS X as well.

 

Anyway I think this is interesting, but not really useful in any way. We have had these kinds of tools for a long time, it's just that we can now do it on some phones as well.

I never was able to get aircrack running on Windows, only on Linux distros. The idea is that now you might not have to lug around a laptop to do it, just use your tablet or phone; as long as it uses a supported chipset.


oooohhhhhhhh then I'm safe as I set my own network config with WPA2 key.

Not really, if your AP has a WPS button it may still be enabled in the AP's firmware. Also WPS is used in conjunction with WPA2. You have to manually disable this in the firmware of your router, although some routers do not even let you disable this feature. These routers are usually the type that your ISP provides for free.


Will definitely find a use for this. Cheers!


Seen this on XDA a while ago. This only works on rooted devices with bcm4329/4330 wifi chipset. Sort of sad that some routers have WPS enabled out of the box because it is basically making the network like public wifi if people know how to take advantage of it.


Seen this on XDA a while ago. This only works on rooted devices with bcm4329/4330 wifi chipset. Sort of sad that some routers have WPS enabled out of the box because it is basically making the network like public wifi if people know how to take advantage of it.

Yup, I have a HD2 running Android and so far it works 80% of the time. What is even more sad are the routers where WPS can't be disabled due to locked down firmware.


Wait, so can I use this to hack people's Wifi on the go? Sweet.


time for some free wifi


Sweet!


This kind of stuff has always intrigued me, however I couldn't be stuffed learning how to do something I will probably only ever need once or twice, and even then it wouldn't be essential just for convenience not necessary.
