Reaver attack tutorial/demonstration using the OG150 now available to download for free! WPA2 PSK CRACKED IN 4 SECONDS!! Download the PDF tutorial from http://www.og150.com/tutorials.php.
Attack was demonstrated on a Linksys WAG54G2 router with v1.00.10 software.
Besides being interesting, this could be a fun party trick ;-).
Seriously, a giant vulnerability. Make sure your AP firmware is up-to-date, and disable WPS if it's not being used.
Thanks for the comment, Howard. I agree with your comments; my only concern is that many APs 'say' that WPS is disabled but it is actually enabled :-( This is really bad and leads people into a false sense of security. In this case, the only way to 'prove' your WPS is disabled is either doing a packet capture of the beacons or using the 'Wash' element of Reaver.
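The beacon check described in the comment above, as an added example (not from the original post or the OG150 tutorial): it walks a beacon's tagged parameters and reports whether the AP still advertises the WPS information element. It assumes the tagged parameters were already extracted from your own capture; the sample bytes and helper names are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057
STATE_NAMES = {1: "not configured", 2: "configured"}

def iter_ies(tagged: bytes):
    """Yield (element_id, payload) pairs from a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        payload = tagged[pos + 2:pos + 2 + length]
        if len(payload) < length:  # truncated capture: stop rather than misparse
            return
        yield eid, payload
        pos += 2 + length

def parse_wps_attrs(data: bytes) -> dict:
    """WPS attributes are TLVs with a 2-byte big-endian type and length."""
    attrs, pos = {}, 0
    while pos + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, pos)
        attrs[atype] = data[pos + 4:pos + 4 + alen]
        pos += 4 + alen
    return attrs

def wps_status(tagged: bytes):
    """Return None when no WPS IE is advertised, else a summary dict."""
    for eid, payload in iter_ies(tagged):
        if eid == 221 and payload.startswith(WPS_OUI_TYPE):
            attrs = parse_wps_attrs(payload[4:])
            state = (attrs.get(ATTR_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_LOCKED) or b"\x00")[0]
            return {"state": STATE_NAMES.get(state, "unknown"),
                    "setup_locked": locked == 1}
    return None

def vendor_ie(body: bytes) -> bytes:
    return bytes([221, len(body)]) + body

def wps_ie(*tlvs) -> bytes:
    return vendor_ie(WPS_OUI_TYPE + b"".join(
        struct.pack(">HH", t, len(v)) + v for t, v in tlvs))

# Constructed sample tagged parameters (not captured from a real AP).
SSID = bytes([0, 4]) + b"test"
WPS_ON = SSID + wps_ie((ATTR_VERSION, b"\x10"), (ATTR_STATE, b"\x02"))
WPS_LOCKED = SSID + wps_ie((ATTR_STATE, b"\x02"), (ATTR_LOCKED, b"\x01"))
NO_WPS = SSID + vendor_ie(bytes.fromhex("0050f202"))  # a different vendor IE only
```

Any non-None result means the AP is still advertising WPS in its beacons, whatever its admin page claims.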
Great article and very well documented! A BIG NOTE OF THANKS to Darren for all his sincere efforts and sharing the knowledge.
Howard - you are right in your advice about disabling WPS and updating firmware. I think the problem could be more acute for discrete electronic embedded devices like Television sets, Media Players, Cameras and such application-specific devices - handling of which is almost always a matter of intuition & scary (if I'm not wrong) for general end users aka consumers.
What an irony! WPS was introduced for the sake of simplicity (push-button configuration) & now addressing the flaw here remains a big concern.