Looks like by default AirPort/Time Capsule isn't vulnerable to attack. Here's a copy of my post from another thread:
Just wanted to add some input. I ran some tests on my Time Capsule today with Reaver. I used BackTrack 5 in Parallels Desktop with a USB wifi card (Netgear WG111v3). By default, the router isn't susceptible to attack since the router isn't sending out a beacon and it can't attach to the router. See attached picture. However, the attack does begin if the "Add Wireless Clients" tool inside Airport Utility is open and waiting for a device to connect. I didn't let the attack run out, but it seems like the attack WILL work only if you have the "Add Wireless Clients" tool open. Hope this info helps guys.
OK, but there's no PIN on the outside of the AirPort Extreme; you have to set one in "Add Wireless Clients" in the AirPort Utility.
So...if you don't set the PIN, and there's no default PIN, running this attack should yield nothing. The attack should try all combinations for the first four digits of the PIN, and never get a valid match reported by the Extreme.
Of course, the only way to test my theory is to let the attack run :)
I had been told that WPS was required for Wi-Fi standards certification and that certification also mandated that WPS be on by default, but their own site lists the WPS certifcation as an "optional" requirement. http://www.wi-fi.org/knowledge-center/articles/wi-fi-protected-setup%E2%84%A2
221's BackTrack pen test seems to show that Apple's implimentation is either non-standard, or off by default, or both. Wonder if we will ever get a real answer... Thanks to applecan for asking and 221 for testing!
the airport extreme does support WPS. it's just not very reliable with other manufactures implemations and not recognized as a true wps device by the wifi alliance.
in airport utility "first connect" is wifi protected setup push button, and pin is pin.
i have tried connecting other clients wifi devices that use wifi protected setup with my airport extreme base stations and my time capsule, and it has been hit and miss, some devices like my HTC FLYER will not negioate a connection on pin based connections, but will connect on the "first connect" setting. my hp brand printer doesn't seem to want to connect with push button, but it does connect with the pin number.
also to be officially declared a WPS device by the wif-fi alliance, the router needs to be configured automatically by a computer, say windows 7, without having to download any software, the airport extreme and time capsules clearly do not support this feature, so they will never be cerified to be wps.
as far as the reaver attack goes. i have no idea.
I have been trying with Reaver, does not work on my RT3070 and RTL8187L. His Mac has the Airport Extreme, April 2010 Macbook Pro (Broadcom BCM43xx) is the built in version. Doesn't even offer WPA. Neighbour and I tried it and within 2 mins I gained entry into his WiFi network using Beini.
Wish apple would give us a firmware update to upgrade us to WPA or WPA2. Little bit behind the times apple....
a mac book pro 2010 not supporting WPA ?? thats impossible. so i understand your post that you hacked his WEP network in under 2 minutes. that is off topic. were not talking aboiut WEP here. were talking about a different attack.
the only way his mac book pro 2010 could not support wpa or wpa 2 is he either removed the actual airport card and replaced it with some old 802.11 card manufactuered 12 years ago or his router is 12 years old
i suppose you could be talking about ad-hoc mode. for some reason apple goes on a soap box and requires WPA or WPA 2 encryption to install osx over the internet or require the user to press a key when setting up an airport extreme base station to use WEP but only supportts 40 bit WEP or 128 bit WEP for computer peer to peer networks that we create using the latest operating system available
No, a Macbook Pro does not support WPA Internet sharing through Airport. I am talking about peer to peer / ad-hoc mode.
I am aware what you are talking about.
I am also aware that timecapsule/airport extreme do support a variety of encryption methods.
I stated that the Broadcom BCM43xx internal Airport extreme cards also do not appear to be suseptable, since it doesn't support WPA. We also tried a reaver attack with his timecapsule with the RTL8187 and RT3070 devices.
I mentioned WEP because new firmware could help secure it from attacks through stronger encryption methods. Thus, adding additional information to this topic and securing our internet sharing wireless hotspots.
stop talking about WPA as in " I stated that the Broadcom BCM43xx internal Airport extreme cards also do not appear to be suseptable, since it doesn't support WPA " were talking about WPS . as in Wifi Protected Setup.. WPA stands for Wi-Fi Protected Access
WPS = reaver attack
WEP = WEP attack
WPA / WPA 2 = offline brute force attack of your 4 way handshake
no its not.
Wifi protected setup is a optional feature of Wifi Protected Access. to get a wpa device WIFI certified by the wifi alliance you do not need to support WPS.
when you tell people that a broadcom bcm43xxx series card does not support WPA, it is not tue.
a good question about WPS is why does apple include this halfway hodgepodge support for WPS networks anyway? When i try to use the pin number or first attempt (push button) to connect my mac book air or my brothers mac book pro it doesn't even work. It just sits there and spins the wheel saying waiitng for 1st attempt.
i have a hp printer and a another manufactures wps supported wifi adapter which does connect to my airport extreme using wps mode.
you think if apple is going to put their implimantation of wifi protected setup in their router, there own computers or the iphone and ipad would be able to connect to it. but i have tried several times and nothing i own that is made by apple can even connect to their own router in wps mode