Mar 08 2012

News - Wi-Fi Alliance Finally Responds to WPS Vulnerability

WPS LogoA couple of months ago, security researchers released details about a security vulnerability in Wi-Fi Protected Setup, the pin-based system for quickly and easily adding new devices to a Wi-Fi network. As it turns out, routers with WPS enabled are susceptible to a brute force attack that allows interested hackers access to the network in just a couple of hours. In a recent statement, the Wi-Fi Alliance has announced that they have changed their testing and certification requirements in response to the vulnerability. Unfortunately, anyone who has already purchased a WPS-equipped router is left waiting for a fix from the manufacturer or forced to disable WPS, an option that is evidently not effective with all routers. 

While it sounds like the Wi-Fi Alliance will be taking care of the security hole on future devices, the statement doesn't address how it plans to do so, nor does it show that it is taking any steps to rectify the issue on old routers. By default, many devices ship with WPS enabled, and for now the only way to prevent an attack is to disable the feature. 

The Verge

Dec 31 2011

News - Wi-Fi Protected Setup Vulnerability Leaves Home Networks Exposed

WPS LogoFor the most part, people seem to fall into one of two categories when it comes to setting up their home networks. There are the control freaks such as myself who like to set everything up manually, perhaps even going so far as to provide static ip addresses for each new device. Then there are the folks who set their networks up for ease of use, expecting most functions to occur without administrative interaction. For those folks, Wi-Fi Protected Setup has been a godsend, enabling devices to easily join and leave the home network with minimal oversight. Technologies such as WPS have certainly made it easier for mainstream users to take advantage of their home networks and we have increasingly seen media streamers and networked home theater devices adopt WPS to spur mainstream adoption.

Unfortunately, a serious vulnerability has been found in WPS that makes brute force attacks relatively easy to run. Indeed, for the majority of routers an attacker could brute force WPS in just 2-4 hours. I know the odds of anyone wanting to access my home network are vanishingly small, but then again the whole reason I secure my network is to avoid that remote possibility. The worst part is that there is no fix right now, prompting experts to recommend turning off WPS. Should the issue be correctable by a software fix, it will require users to update their router's firmware. I already turn of WPS on my router simply because I do not use it, but are there any WPS users out there who feel like this a serious concern?

In his tests, Viehböck found that an authentication attempt takes between 0.5 and 3 seconds and the majority of routers don't implement lock-down periods after several consecutive failed WPS authentication attempts. Only one router from Netgear slowed its responses to failed authentication attempts in order to mitigate against the attack, but that only extended the attack time to a day or so -- otherwise it can take 2-4 hours.



Turns out that Viehbock wasn't the only researcher looking into this issue. Researchers at Tactical Network Solutions have been conducting similar research and have now released an open source tool for conducting WPS attacks. I think I might have to try and see if I can hack into my router.

Now the company has released an open-source version of its tool, Reaver, which Heffner says is capable of cracking the PIN codes of routers and gaining access to their WPA2 passwords "in approximately 4 [to] 10 hours." 

Ars Technica

Syndicate content
Website design by Yammm Software
Powered by Drupal