As with all brute-force attacks, when you simplify certain actions you risk opening holes through which hackers can gain access to the system. Wi-Fi’s Protected Security mode (known as WPS for short) has fallen into that hole.

Wi-Fi Protected Security is a function that lets users simply press the WPS button on the router to allow a device to connect, meaning that users do not have to remember the wireless password every time.

Although it is a nice thing to have, security researcher Stefan Viehbock has uncovered a major security hole that allows him to brute-force his way into the router in about two hours with the help of the WPS function. Based on Stefan Viehbock’s research, a design flaw causes the security of the WPS 8-digit PIN to fall dramatically as additional attempts are made. As more and more attempts are made, the router sends back a message saying whether the first four digits are correct, and the last digit of the password is used as a checksum and given out by the router in negotiation. The flaw decreases the number of attempts from 100,000,000 possibilities to 11,000 possibilities, 9,000 times fewer.
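The arithmetic behind the 11,000 figure, as an added example that is not taken from the article or from Viehbock's research: a toy in-memory verifier that reveals which half of the PIN was wrong, with the worst-case guess count measured against it. All function names are hypothetical, the PIN is constructed, and the check-digit routine is the WPS PIN checksum as commonly implemented.

```python
"""Toy in-memory model of the PIN check described above (not a WPS protocol client)."""

def checksum(first7: int) -> int:
    """Check digit computed over the first seven digits of a WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def make_pin(first7: int) -> str:
    """Full 8-digit PIN: seven free digits plus the derived check digit."""
    return f"{first7:07d}{checksum(first7)}"

def split_verifier(secret: str):
    """Flawed design: the answer reveals which half of the PIN was wrong."""
    def verify(guess: str) -> str:
        if guess[:4] != secret[:4]:
            return "first_half_wrong"
        if guess[4:] != secret[4:]:
            return "second_half_wrong"
        return "ok"
    return verify

def worst_case_guesses_split() -> int:
    """Count guesses for the PIN found last when halves are confirmed separately."""
    verify = split_verifier(make_pin(9_999_999))  # constructed worst-case PIN
    guesses = 0
    first_half = 0
    for first_half in range(10_000):              # four free digits
        guesses += 1
        if verify(f"{first_half:04d}0000") != "first_half_wrong":
            break
    for rest in range(1_000):                     # three free digits, eighth is derived
        guesses += 1
        if verify(make_pin(first_half * 1_000 + rest)) == "ok":
            break
    return guesses

RAW_8_DIGITS = 10 ** 8     # figure quoted in the article
WHOLE_PIN_ONLY = 10 ** 7   # pass/fail on the whole PIN: only the check digit is derived

if __name__ == "__main__":
    split = worst_case_guesses_split()
    print(f"split confirmation: {split:,} guesses worst case")
    print(f"whole-PIN pass/fail: {WHOLE_PIN_ONLY:,}; raw 8 digits: {RAW_8_DIGITS:,}")
    print(f"reduction vs raw: about {RAW_8_DIGITS // split:,}x")
```

The count is 10,000 + 1,000 rather than 10,000 × 1,000 because each half is confirmed independently; a verifier that answered only pass or fail for the whole PIN would leave 10,000,000 candidates.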

Stefan Viehbock has reported this vulnerability and the affected router manufacturers to the US Computer Emergency Readiness Team (US-CERT). US-CERT has since issued a warning about the vulnerability and suggests that the safest option for users is to disable WPS on their routers. He also claimed that he attempted to discuss the issue with hardware vendors such as Buffalo, D-Link, Linksys, and Netgear, which are all vulnerable to the attacks, though his attempts have been ignored. The manufacturers will probably respond when Stefan Viehbock releases a tool to crack the WPS key, which he has promised to do.

More information, including a PDF of his research, is on his blog at http://sviehb.wordpress.com
