Jump to content
Fi8sVrs

TalkTalk Router - WPS Exploit

Recommended Posts

  • Active Members

Purpose of this Article

This article demonstrates a vulnerability found in the 'Super Router' router provided by the internet service provider TalkTalk to its customers. The vulnerability discovered allows the attacker to discover the Super Router's WiFi Password by attacking the WPS feature in the router which is always switched on, even if the WPS pairing button is not used.

The purpose of this article is to encourage TalkTalk to immediately patch this vulnerability in order to protect their customers.

 

Tools Used

  • Windows Based Computer
    (Other tools on unix platforms may be just as effective, but for the purpose of this article we will focus on one)
  • Wireless Network Adapter
  • TalkTalk Router within Wireless Network Adapter Range
  • Software 'Dumpper' available on Sourceforge (Tested with v.91.2)

 

Steps to Reproduce

Step 1: Run Dumpper and navigate to the WPS tab and select the target WiFi BSSID.

talktalk1430-step-0.png

 

Step 2: Click 'WpsWin' to begin probing the BSSID for the WPS pin.

talktalk1430-step-1.png

 

Step 3: After a couple of seconds, the WiFi access key to this network will be displayed bottom right.

talktalk1430-step-2.png

 

Scale of Vulnerability

This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version.

TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later. It is also documented across various community forums. Links:

 

Disclosure

TalkTalk have been notified of this vulnerability on the day of the article being written (21 May 2018)

Typically a 30 day period from discovery to public release would be granted. However, in this case, as TalkTalk were made aware of this exploit back in 2014, public release is immediate.

 

Date                        Disclosure
21 May 2018 Delivered to TalkTalk.
21 May 2018 Date of public release.

 

 

Reference: https://securityaffairs.co/wordpress/72805/laws-and-regulations/talktalk-super-routers-flaws.html

 

Source: https://www.indigofuzz.com/article.php?docid=talktalk1430

 

 

 

 

Edited by OKQL
  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...