Secure Wi-Fi? Not so Much -- Gaping Hole Found in WPS Pin System
December 29, 2011 12:42 PM
comment(s) - last by
The Department of Homeland Security suggests the only solution is to disable WPS
NETGEAR, Inc. (
), Cisco System, Inc.'s (
) Linksys, D-Link Corp (
), and Belkin, Inc. are some of the biggest makers of routers. If you own a router, there's a good chance you own a router from one of these manufacturers. And if you own a router from them, there's a good chance you used Wi-Fi Protected Setup (WPS) -- a PIN protected method -- to easily set up your home network. And that means that there's a good chance your security is now at serious risk.
WPS was dreamed up by
the Wi-Fi Alliance
as a means of easing the pain of home networking. But by including a flag in the EAP-NACK message, the standard unwittingly left a gaping hole that can be exploited by hackers to subvert your router.
The message tells the user if the first half of the pin they typed was right. Thus it drastically reduces the time needed to crack the PIN using a brute force attack. Add in that the last bit of the PIN is always its checksum, you have a recipe for a security disaster.
[Image Source: Best Wireless Internet Routers Blog]
The flaw reduces the time it takes to crack your average PIN from 10
attempts to 10
attempts (11,000 attempts total). Assuming you can fire off ten requests or more a second, you should be able to crack routers in minutes.
U.S. Department of Homeland Security
issued a warning
to the public
about the flaw. It
disabling WPS. This may be a painful option for less savvy operators, though, as setting up a network with more sophisticated protections can require a bit of learning.
the vulnerability and reported it to the DHS. He claims that none of the major manufacturers stepped up to the plate with a patch. He is going to release a C-coded exploitation tool shortly -- perhaps that will help prompt the business into action.
.BrainDump (Stefan Viehbock)
Department of Homeland Security
This article is over a month old, voting and posting comments is disabled
12/30/2011 9:05:15 AM
Exactly, to put it another way: it will take longer to find your device's MAC, write it down, login to your AP and type it in than your attacker will take to clone it.
"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Homeland Security Warns About Latest Dangerous Apple Browser Bug
May 10, 2010, 5:20 PM
WiGig Specifications Completed
December 10, 2009, 11:16 AM
Man Finds He Is On "Most Wanted" List in California from Google Search
March 17, 2014, 9:50 AM
Facebook CEO Called President Barack Obama to Complain About NSA Spying
March 14, 2014, 1:40 PM
Quick Note: Google Drive 100GB, 1TB Plans See Major Price Cuts
March 13, 2014, 2:45 PM
Target Missed Early Warning Signs of Holiday Data Breach
March 13, 2014, 1:45 PM
Amazon Increases Prime Subscription to $99/year Starting March 19
March 13, 2014, 8:23 AM
Bitcoin King's American Accounts Get Frozen
March 13, 2014, 3:00 AM
Most Popular Articles
Malaysian Airlines Flight 370 Made Wild Altitude Changes
March 14, 2014, 9:21 PM
Tesla Motors Calls New Jersey Out on New Rule Against Its Direct Sales Model
March 11, 2014, 12:01 PM
Hack Reveals Fallen Bitcoin CEO's Posh Tokyo Penthouse
March 10, 2014, 4:28 PM
Apple Authorized to Seek $40 Per Device Against Samsung
March 13, 2014, 4:31 PM
Man Who Shot Father for Texting During Movie Previews Was Also Texting
March 14, 2014, 2:25 PM
Latest Blog Posts
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information