News: Researcher finds vulnerability in WPS protocol
Thursday, December 29, 2011 at 10:35AM
Bob Appleby in Hardware, Hardware Issue, Networking, Router, Security, Wireless

Stefan Viehbock has just discovered a major security vulnerability that allows someone to use a brute-force attack to access a WPS PIN-protected network in about two hours. According to Viehbock, a design flaw causes the security of the WPS protocol's 8-digit PIN to fall dramatically as more and more attempts are made. After each failed attempt, the router sends a message stating whether the first four digits are correct, while the last digit of the key is used as a checksum and is given out by the router in negotiation. As a result, the 100,000,000 possible choices initially assumed for WPS security drop drastically to around 11,000.
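The arithmetic behind the drop from 100,000,000 to about 11,000 can be checked with a small in-memory model. This is an added example, not code from Viehbock or from any router vendor: `ModelRegistrar` and `attempts_split` are hypothetical names, the PINs are constructed sample values, and the checksum routine is the standard WPS PIN check-digit calculation over the first seven digits.

```python
"""In-memory model of WPS PIN confirmation (added example, no network code)."""

def wps_checksum(first7: int) -> int:
    """Check digit that the WPS PIN format derives from the first seven digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

class ModelRegistrar:
    """Hypothetical stand-in for a router; it only counts confirmations."""
    def __init__(self, pin: str):
        if len(pin) != 8 or int(pin[7]) != wps_checksum(int(pin[:7])):
            raise ValueError("not a valid 8-digit WPS PIN")
        self.pin, self.attempts = pin, 0

    def confirm_half(self, which: int, guess: str) -> bool:
        """The flawed behaviour: each half of the PIN is confirmed on its own."""
        self.attempts += 1
        return guess == (self.pin[:4] if which == 1 else self.pin[4:])

def attempts_split(pin: str) -> int:
    """Confirmations needed when the two halves are confirmed separately."""
    ap = ModelRegistrar(pin)
    # First half: four free digits, at most 10,000 candidates.
    first = next(f"{n:04d}" for n in range(10_000)
                 if ap.confirm_half(1, f"{n:04d}"))
    # Second half: three free digits; the fourth follows from the checksum.
    for n in range(1_000):
        check = wps_checksum(int(first + f"{n:03d}"))
        if ap.confirm_half(2, f"{n:03d}{check}"):
            break
    return ap.attempts

NAIVE = 10**8                 # eight free digits, the figure the design assumed
WORST_WHOLE = 10**7           # whole PIN confirmed at once, check digit excluded
WORST_SPLIT = 10**4 + 10**3   # halves confirmed one after the other: 11,000

if __name__ == "__main__":
    for sample in ("12345670", "99999995"):   # constructed sample PINs
        print(sample, attempts_split(sample), "of at most", WORST_SPLIT)
```

Because the two halves are searched one after the other, their sizes add rather than multiply, which is why no PIN choice pushes the count above 11,000.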

The reasoning behind the original design was to make it easier to bring new devices onto a home network, especially for unskilled home users. This method now also makes it much easier for hackers to break into a secure Wi-Fi network.

"A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology," Viehbock said in a blog post. "I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide."

US-CERT said in its warning that there is no known fix to the security problem. Instead, the group recommends that users disable the WPS function on their routers. The warning lists several wireless router vendors as selling devices that are affected by the security hole: Buffalo, D-Link, Cisco Linksys, Netgear, Technicolor, TP-Link, and ZyXEL.

US-CERT indicated in its warning that it notified router vendors that are affected by the security issue in early December, but so far the vendors have not offered a response nor have any of them issued statements.

Article originally appeared on Bobs Tech Talk News and Reviews (http://www.bobstechtalk.com/).
See website for complete article licensing information.