WiFi WPS security vulnerability found, major router makers affected

Wireless network administrators, beware: a vulnerability in the WiFi Protected Setup in some wireless routers threatens to make it easier for attackers to gain access to the router via brute force, a tech site reported.

 

The Hacker News said security researcher Stefan Viehbock discovered the vulnerability and reported it to the US Computer Emergency Readiness Team (CERT).

 

"I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide" The Hacker News quoted Viehbock as saying (http://thehackernews.com/2011/12/easy-router-pin-guessing-with-new-wifi.html).

 

For its part, the US-CERT Knowledge Base said the design flaw in the WPS specification for authenticating the PIN reduces the time needed to brute-force the entire PIN.

 

It said the flaw "allows an attacker to know when the first half of the eight-digit PIN is correct."

 

"It has been reported that some wireless routers do not implement any kind of lock out policy for brute force attempts. This greatly reduces the time required to perform a successful brute force attack. It has also been reported that some wireless routers resulted in a denial-of-service condition because of the brute force attempt and required a reboot," the US-CERT knowledge base added.

 

One possible consequence is that an attacker within range of the wireless router can brute-force the PIN and retrieve the password.

 

The attacker can then "change the configuration of the access point, or cause a denial of service."

 

For now, US-CERT said the only workaround is to disable WPS.

 

"Although the following will not mitigate this specific vulnerability, best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network," it said.

 

The CERT also indicated affected vendors include:

 

 

— TJD, GMA News