Wi-Fi Alliance Finally Responds to WPS Vulnerability
A couple of months ago, security researchers released details about a security vulnerability in Wi-Fi Protected Setup, the pin-based system for quickly and easily adding new devices to a Wi-Fi network. As it turns out, routers with WPS enabled are susceptible to a brute force attack that allows interested hackers access to the network in just a couple of hours. In a recent statement, the Wi-Fi Alliance has announced that they have changed their testing and certification requirements in response to the vulnerability. Unfortunately, anyone who has already purchased a WPS-equipped router is left waiting for a fix from the manufacturer or forced to disable WPS, an option that is evidently not effective with all routers.
While it sounds like the Wi-Fi Alliance will be taking care of the security hole on future devices, the statement doesn't address how it plans to do so, nor does it show that it is taking any steps to rectify the issue on old routers. By default, many devices ship with WPS enabled, and for now the only way to prevent an attack is to disable the feature.