This was my thought, too - and those that do would recognize the fake control panel.
I think it's becoming more and more common for the PSK to come on a sticker from the all-in-one router/modem your ISP sends you. So, the user never sets a passphrase, never sees the control panel, and has the key ready to hand out by just looking at their "internet box." This attack is perfect for that.
If you bump into enough of these devices you'll learn that most use a limited keyspace for their encryption key. Case in point, the Motorola NVG510 used by AT&T Uverse HSI ADSL2+ (not to be confused with AT&T Uverse VDSL). They are all programmed with an SSID of ATT### and use a ten-digit numerical PSK. As for brute forcing them, it took my GeForce 550 three days to find the key of my test unit, and if I remember correctly five days to scan the entire keyspace. A newer and faster video card could have done it in hours.
If manufacturers stopped using fixed length keys for a particular product line and made use of the entire alphabet it would make this kind of exercise infeasible.
Using good passwords (i.e. alphanumeric, case sensitive, perhaps with some special characters) in end user deployment is a support nightmare. Imagine you are trying to tell such a password to a user over the phone on a support call. The 10-digit number sequence is unsafe but is easy to handle - people are used to phone numbers and account numbers.
A 10-digit number sequence has 33.2 bits of entropy. 3 diceware words have 38.7 bits of entropy. I don't think 10 numerical digits are easier to relay than 3 words. Although either would be far short of the ~90 considered fully secure, I think it's safe to say there are plenty of designs that would have been both safer and easier to use.
You do have a good point there. It could work for home/apartment building attacks.
I'm not sure how many people know about the WPS button most routers have now, but I've got several people using it. It's rather slick when it works (I've only had it fail on HP printers). Windows 8 actually tells them to press the button. I think Android could make this more blatant to spread adoption.
You select the network on your device and press the WPS button and a few seconds later it's synced. Never need the password again.
WPS makes stealing the WPA PSK as trivially easy as WEP. Basically, WPS protects the WPA key with a 7-digit PIN - cracking that PIN is enough to authenticate with the router and have it provide the encryption key.
It seems like this should be easy to defend against, but everything I've ever read about WPS says no one seems to be putting any such protections in place.
>WPS protects the WPA key with a 7-digit PIN - cracking that PIN is enough to authenticate with the router and have it provide the encryption key.
Not only that, but routers verify the first and second halves of the PIN separately. So instead of brute forcing in a keyspace of 10000000, you only need to find one number up to 10000, and a second number up to 1000. (The second half of the PIN is actually a 4-digit number as well, but the last digit is just a checksum digit.)
If it weren't for that issue, attacks would take months/years instead of minutes/hours.
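To put numbers on the two points made in this thread (the entropy comparison of a 10-digit PSK versus diceware words, and the WPS PIN keyspace collapse from split verification), here is an added Python example that is not part of any comment above. It assumes the standard 7776-word Diceware list, the WPS spec's checksum rule for the 8th PIN digit, the GPU rate implied by "10^10 keys in about five days", and a constructed 1 guess/second online rate for PIN attempts against a router.

```python
import math

# Assumption: standard Diceware list of 6^5 = 7776 words.
DICEWARE_WORDS = 7776
# Offline PSK rate implied in the thread: full 10^10 numeric space in ~5 days.
OFFLINE_PSK_RATE = 10**10 / (5 * 86400)
# Constructed assumption: online PIN guesses are limited by the router, ~1/s.
ONLINE_PIN_RATE = 1.0


def entropy_bits(keyspace: int) -> float:
    """Bits of entropy for a secret chosen uniformly from `keyspace` values."""
    return math.log2(keyspace)


def wps_checksum_digit(first_seven: str) -> int:
    """8th WPS PIN digit per the spec: 3*(d1+d3+d5+d7) + (d2+d4+d6), mod 10."""
    d = [int(c) for c in first_seven]
    total = 3 * sum(d[0::2]) + sum(d[1::2])
    return (10 - total % 10) % 10


def wps_pin_is_valid(pin: str) -> bool:
    """True if `pin` is 8 digits whose last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum_digit(pin[:7])


def wps_worst_case_guesses(halves_verified_separately: bool) -> int:
    """Guesses to exhaust valid PINs: 10^7 as a whole, 10^4 + 10^3 if the
    router confirms each half on its own (the flaw described in the thread)."""
    return 10**4 + 10**3 if halves_verified_separately else 10**7


def hours_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case wall-clock hours to walk the whole keyspace at a given rate."""
    return keyspace / guesses_per_second / 3600


if __name__ == "__main__":
    print(f"10-digit PSK:     {entropy_bits(10**10):.1f} bits, "
          f"{hours_to_exhaust(10**10, OFFLINE_PSK_RATE):.0f} h offline")
    print(f"3 diceware words: {entropy_bits(DICEWARE_WORDS**3):.1f} bits")
    for split in (False, True):
        n = wps_worst_case_guesses(split)
        print(f"WPS PIN, split={split}: {n} guesses, "
              f"{hours_to_exhaust(n, ONLINE_PIN_RATE):.0f} h online")
    print("12345670 valid WPS PIN:", wps_pin_is_valid("12345670"))
```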