Slashdot Mirror


New WiFi Setup Flaw Allows Easy Router PIN Guessing

Trailrunner7 writes "There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT. The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. 'I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,' Viehbock said."

14 of 86 comments

  1. WPS by Shadyman · · Score: 3, Insightful

    As all of the more recent router models come with WPS enabled by default...

    Don't you still have to physically push a button to (temporarily) enable WPS? If not, whose bright idea was *that*?

    1. Re:WPS by mkraft · · Score: 3, Insightful

      I believe you still have to put the router into setup mode even when using shared PIN mode. That limits the times this attack could possibly work.

    2. Re:WPS by b4dc0d3r · · Score: 4, Funny

      HAHAHAHA I got a new Linksys. My WPS doesn't work at all. Joke's on them! HAHAHAHA... Wait a minute.

  2. Does it matter? by wbr1 · · Score: 3, Interesting

    Since most people (home consumers) can't be bothered to change a default name/password/SSID on the damn things anyway, about 80% or more are insecure as it is. If you want a secure connection, don't use the air, use a wire, and better yet, make sure you own and monitor its entire length.

    --
    Silence is a state of mime.
    1. Re:Does it matter? by davester666 · · Score: 5, Funny

      Rubbish. That's just half-assed security.

      If you want real security, you need to personally design the chips, fab them [then microwave the resulting chips to make sure they actually fabbed your design], then fabricate the PCB, solder it all together, then write the router's OS.

      Oh, and for extra credit, implement your own personal wireless protocol [using either/both of the public 2.4/5 GHz frequencies] for both the router you just fabbed as well as for your computing devices.

      --
      Sleep your way to a whiter smile...date a dentist!
    2. Re:Does it matter? by LordLimecat · · Score: 3, Interesting

      WPA2-PSK is, I would argue, more secure than bog-standard wired ethernet. Wired ethernet is trivial to tap with a laptop with a USB-ethernet port bridged to its internal NIC. It's also possible to tap by simply capturing the EM emissions from the line. ARP poisoning could also trivially reveal plaintext passwords, and what sites you visit.

      With properly set up wifi, on the other hand, every communication is encrypted, HTTPS or not. I'm not sure, as I've never tried, but I do not believe that you can ARP-poison a wifi connection that has been secured with WPA2.

      Of course you can throw in IPsec, but you can do that regardless of the physical layer involved.

  3. Nothing new by ewanm89 · · Score: 3, Informative

    Same old thing, default configuration is bad.

    1. Re:Nothing new by gadzook33 · · Score: 3, Interesting

      I guess. Except that shouldn't be (isn't?) true. Is the default mode I use SSL in bad? Is Amazon's security bad?

      I just can't believe how incredibly poor this implementation was. For that matter, I can't believe no one noticed it up until now. This just seems like security 101 stuff. If nothing else it shouldn't have passed the you-don't-get-something-for-nothing common sense check.

    2. Re:Nothing new by swillden · · Score: 3, Informative

      Same old thing, default configuration is bad.

      Not really. That would imply that changing the default configuration to something else would fix the problem, but it doesn't. The only thing that fixes it is disabling WPS. Well, I suppose setting a really long PIN -- but the default is 8 digits which most people would expect is reasonable anyway. If the protocol didn't leak information about the PIN, or the device didn't allow brute force searches, this wouldn't be a problem.

      This isn't a default configuration problem, this is a security protocol defect coupled with an implementation error.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. Re:ok... by stevel · · Score: 5, Informative

    No. If your router supports the "external" authentication mode using only a PIN, it is vulnerable no matter which encryption type you use or how good your password is. I did not realize that there was such a mode - I too thought it required the pushbutton.

    The easiest mitigation is to disable the WPS PIN on your router, re-enabling it when you want to add a device. Some routers may not have such an option, but at least mine does.

    Scary.

  5. Too much information? by jsm18 · · Score: 4, Funny

    "The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak"

    Does anyone else visualize a router responding with: "Getting warmer!"

  6. Re:and this is why I didn't trust WPS by Waffle+Iron · · Score: 4, Funny

    It sounds like all of your gear has been damned. That probably means that you have bigger things to worry about than security threats coming from this world.

  7. Simple mistake, simple correction by romiz · · Score: 3, Informative

    From the PDF, the implementation mistake is to give the attacker feedback on whether the tried key is correct after the first half of authentication (phase M4), and then after the complete authentication (phase M6). Since the PIN is only 8 digits, and the last one is a checksum, the problem is reduced to guessing 1 number in 10000, and then 1 in 1000.

    The document states that there are few possible mitigations for the problem. However, it skips the obvious one: do not notify authentication success/failure until the response to the M6 message. This would restore the 1 in 10,000,000 guessing complexity of the PIN code, without changing the protocol. It should even be a new issue tested by the compliance suite the vendors need to pass to get the WPS certification.

  8. Designed by complete morons by gweihir · · Score: 5, Insightful

    The attack in short: WPS NACKs a partially transmitted PIN if the first part is wrong. This leaves 20k trials needed for brute-force, instead of 1M.

    I have no idea how people this incompetent get to design widely used protocols.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
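The two comments above (romiz on the M4/M6 feedback and the checksum digit, gweihir on the reduced trial count) describe the same arithmetic. The following is an added example, not code from the thread or from the Viehbock paper: it computes the WPS PIN checksum digit (the mod-10 scheme hostapd uses for `wps_pin_checksum`) and models an access point's two verdicts as a simplified state machine. The `AccessPoint` class, its `leaky` flag and the `attempt` method are assumptions made for illustration and do not reproduce the real M1..M8 message encoding; the "fixed" mode models romiz's proposed mitigation of withholding any verdict until after M6. The sample PIN 12345670 is a constructed test value.

```python
# Added example: WPS PIN checksum plus a toy model of the "verdict after M4 and
# again after M6" design flaw, to show why 10^7 guesses collapse to at most 11,000.

def wps_pin_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits (same weighted mod-10 scheme
    as hostapd's wps_pin_checksum: weight 3 on digits 7,5,3,1 and 1 on 6,4,2)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_pin_checksum(int(pin[:7])) == int(pin[7])


class AccessPoint:
    """Hypothetical model of the AP's PIN verification (an assumption, not the real
    WPS message format). leaky=True mirrors the flaw: the AP NACKs right after M4
    when the first half (4 digits) is wrong, and again after M6 for the second
    half. leaky=False gives a single verdict only after M6."""

    def __init__(self, pin: str, leaky: bool = True):
        assert valid_pin(pin)
        self.pin = pin
        self.leaky = leaky
        self.handshakes = 0  # number of protocol runs the attacker had to start

    def attempt(self, guess: str) -> str:
        self.handshakes += 1
        if self.leaky:
            if guess[:4] != self.pin[:4]:
                return "nack_m4"          # first half wrong, attacker learns it now
            if guess[4:] != self.pin[4:]:
                return "nack_m6"          # first half right, second half wrong
            return "ok"
        return "ok" if guess == self.pin else "nack_m6"   # one verdict, no half-way leak


def brute_force_leaky(ap: AccessPoint):
    """Two-stage search: 10^4 first halves, then 10^3 second halves (the 8th digit
    is derived from the checksum). Worst case 11,000 handshakes."""
    for h in range(10_000):
        first = f"{h:04d}"
        if ap.attempt(first + "0000") != "nack_m4":
            break                          # first half confirmed by the early NACK leak
    else:
        return None
    for s in range(1_000):
        second = f"{s:03d}"
        pin = first + second + str(wps_pin_checksum(int(first + second)))
        if ap.attempt(pin) == "ok":
            return pin
    return None


def brute_force_fixed(ap: AccessPoint, budget: int):
    """Against an AP that only answers after M6 the whole 10^7 space must be walked;
    stop after `budget` handshakes so the demo stays cheap."""
    for n in range(10_000_000):
        if n >= budget:
            return None
        pin = f"{n:07d}" + str(wps_pin_checksum(n))
        if ap.attempt(pin) == "ok":
            return pin
    return None


def search_space(leaky: bool) -> int:
    """Maximum handshakes an attacker needs in each model."""
    return 10_000 + 1_000 if leaky else 10_000_000


if __name__ == "__main__":
    target = "12345670"                    # constructed sample PIN (checksum digit 0)
    leaky_ap = AccessPoint(target, leaky=True)
    print("leaky AP recovered:", brute_force_leaky(leaky_ap), "in", leaky_ap.handshakes, "handshakes")
    fixed_ap = AccessPoint(target, leaky=False)
    print("fixed AP within same budget:", brute_force_fixed(fixed_ap, search_space(True)))
    print("worst case leaky:", search_space(True), "fixed:", search_space(False))
```

The model deliberately ignores rate limiting and lock-out, which is the other half of the story: even with the half-way verdict in the protocol, an AP that refused further attempts after a handful of failed PINs would turn 11,000 tries into a multi-day job rather than a few hours.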