Skip navigation

Is Airport Extreme susceptible to the WiFi Protected Setup (WPS) Reaver attack?

5447 Views 13 Replies Latest reply: Mar 19, 2012 6:29 AM by rigormortis RSS
applecan Level 1 Level 1 (0 points)
Currently Being Moderated
Jan 9, 2012 8:29 AM

Just as the title says...  I don't think my AEBS offers WPS, so I would think that it would not be susceptible to the attack.  Does anyone know for sure?

Airport Extreme
  • Brent Engels Calculating status...

    I am also VERY interested in this answer.  Here's the link if anyone wants to know what we are talking about. aver



  • Tesserax Level 8 Level 8 (47,520 points)

    As we are all Apple-product users in these forums, I would doubt seriously if any one of us can confirm or deny that this issue affects the Apple routers. Even Apple does not release any information around security threats. So any responses would be, at best, pure speculation.

  • 221 Calculating status...

    Looks like by default AirPort/Time Capsule isn't vulnerable to attack.  Here's a copy of my post from another thread:


    Just wanted to add some input.  I ran some tests on my Time Capsule today with Reaver.  I used BackTrack 5 in Parallels Desktop with a USB wifi card (Netgear WG111v3).  By default, the router isn't susceptible to attack since the router isn't sending out a beacon and it can't attach to the router.  See attached picture.  However, the attack does begin if the "Add Wireless Clients" tool inside Airport Utility is open and waiting for a device to connect.  I didn't let the attack run out, but it seems like the attack WILL work only if you have the "Add Wireless Clients" tool open.  Hope this info helps guys.


  • Mitchell Smith Calculating status...

    OK, but there's no PIN on the outside of the AirPort Extreme; you have to set one in "Add Wireless Clients" in the AirPort Utility.


    So...if you don't set the PIN, and there's no default PIN, running this attack should yield nothing. The attack should try all combinations for the first four digits of the PIN, and never get a valid match reported by the Extreme.


    Of course, the only way to test my theory is to let the attack run :)

  • Dr. Fong Calculating status...

    I had been told that WPS was required for Wi-Fi standards certification and that certification also mandated that WPS be on by default, but their own site lists the WPS certifcation as an "optional" requirement. 


    221's BackTrack pen test seems to show that Apple's implimentation is either non-standard, or off by default, or both.  Wonder if we will ever get a real answer...  Thanks to applecan for asking and 221 for testing!

  • Frost162 Calculating status...

    I spent several hours trying to crack the wifi on my airport extreme using Reaver. Several attacks several different ways, and I still couldn't do it. If it is possible, it isn't easy!

  • rigormortis Level 2 Level 2 (215 points)

    the airport extreme does support WPS. it's just not very reliable with other manufactures implemations  and not recognized as a true wps device by the wifi alliance.


    in airport utility "first connect" is wifi protected setup push button, and pin is pin.


    i have  tried connecting other clients wifi devices that use wifi protected setup with my airport extreme base stations and my time capsule, and it has been hit and miss, some devices like my HTC FLYER will not negioate a connection on pin based connections, but will connect on the "first connect" setting. my hp brand printer doesn't seem to want to connect with push button, but it does connect with the pin number.


    also to be officially declared a WPS device by the wif-fi alliance, the router needs to be configured automatically by a computer, say windows 7, without having to download any software, the airport extreme and time capsules clearly do not support this feature, so they will never be cerified to be wps.


    as far as the reaver attack goes. i have no idea.

  • annoyed123 Calculating status...

    I have been trying with Reaver, does not work on my RT3070 and RTL8187L. His Mac has the Airport Extreme, April 2010 Macbook Pro (Broadcom BCM43xx) is the built in version. Doesn't even offer WPA. Neighbour and I tried it and within 2 mins I gained entry into his WiFi network using Beini.


    Wish apple would give us a firmware update to upgrade us to WPA or WPA2. Little bit behind the times apple....

  • rigormortis Level 2 Level 2 (215 points)

    a mac book pro 2010 not supporting WPA ?? thats impossible. so i understand your post that you hacked his WEP network in under 2 minutes. that is off topic. were not talking aboiut WEP here. were talking about a different attack.


    the only way his mac book pro 2010 could not support wpa or wpa 2 is he either removed the actual airport card and replaced it with some old 802.11 card manufactuered 12 years ago or his router is 12 years old


    i suppose you could be talking about ad-hoc mode. for some reason apple goes on a soap box and requires WPA or WPA 2 encryption to install osx over the internet or require the user to press a key when setting up an airport extreme base station to use WEP  but only supportts 40 bit WEP or 128 bit WEP for computer peer to peer networks that we create using the latest operating system available

  • annoyed123 Level 1 Level 1 (30 points)

    No, a Macbook Pro does not support WPA Internet sharing through Airport. I am talking about peer to peer / ad-hoc mode.


    I am aware what you are talking about.


    I am also aware that timecapsule/airport extreme do support a variety of encryption methods.


    I stated that the Broadcom BCM43xx internal Airport extreme cards also do not appear to be suseptable, since it doesn't support WPA. We also tried a reaver attack with his timecapsule with the RTL8187 and RT3070 devices.


    I mentioned WEP because new firmware could help secure it from attacks through stronger encryption methods. Thus, adding additional information to this topic and securing our internet sharing wireless hotspots.

  • rigormortis Level 2 Level 2 (215 points)

    stop talking about WPA as in " I stated that the Broadcom BCM43xx internal Airport extreme cards also do not appear to be suseptable, since it doesn't support WPA " were talking about WPS . as in Wifi Protected Setup.. WPA stands for  Wi-Fi Protected Access


    WPS = reaver attack

    WEP = WEP attack

    WPA / WPA 2 = offline  brute force attack of your 4 way handshake

  • annoyed123 Level 1 Level 1 (30 points)

    I know what it stands for. But WPS is still WPA/WPA2 right? at least from my understanding here:

  • rigormortis Level 2 Level 2 (215 points)

    no its not.


    Wifi protected setup is a optional feature of Wifi Protected Access. to get a wpa device WIFI certified by the wifi alliance you do not need to support WPS.


    when you tell people that a broadcom bcm43xxx series card does not support WPA, it is not tue.


    a good question about WPS is why does apple include this halfway hodgepodge support for WPS networks anyway? When i try to use the pin number or first attempt (push button)  to connect my mac book air or my brothers mac book pro it doesn't even work. It just sits there and spins the wheel saying waiitng for 1st attempt.


    i have a hp printer and a another manufactures wps supported wifi adapter which does connect to my airport extreme using wps mode.


    you think if apple is going to put their implimantation of wifi protected setup in their router, there own computers or the iphone and ipad  would be able to connect to it. but i have tried several times and nothing i own that is made by apple can even connect to their own router in wps mode


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.