Slashdot Mirror


New WiFi Setup Flaw Allows Easy Router PIN Guessing

Trailrunner7 writes "There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT. The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. 'I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,' Viehbock said."

3 of 86 comments

  1. Re:ok... by stevel · · Score: 5, Informative

    No. If your router supports the "external" authentication mode using only a PIN, it is vulnerable no matter which encryption type you use or how good your password is. I did not realize that there was such a mode - I too thought it required the pushbutton.

    The easiest mitigation is to disable the WPS PIN on your router, re-enabling it when you want to add a device. Some routers may not have such an option, but at least mine does.

    Scary.

  2. Re:Does it matter? by davester666 · · Score: 5, Funny

    Rubbish. That's just half-assed security.

    If you want real security, you need to personally design the chips, fab them [then microwave the resulting chips to make sure they actually fabbed your design], then fabricate the pcb, solder it all together, then write the router's OS.

    Oh, and for extra credit, implement your own personal wireless protocol [using either/both of the public 2.4/5 GHz frequencies] for both the router you just fabbed as well as for your computing devices.

    --
    Sleep your way to a whiter smile...date a dentist!
  3. Designed by complete morons by gweihir · · Score: 5, Insightful

    The attack in short: WPS NACKs a partially transmitted PIN if the first part is wrong. This leaves 20k trials needed for brute-force, instead of 1M.

    I have no idea how people this incompetent get to design widely used protocols.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.