Attack Tool Released For WPS Setup Flaw

Posted by samzenpus on Thursday December 29, 2011 @10:05PM from the choose-your-weapon dept.

Trailrunner7 writes "Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version."

1 of 164 comments (clear)

Min score:

Reason:

Sort:

Re:WTF is WPS? by errandum · 2011-12-29 22:29 · Score: 5, Informative

The problem is not the need for the giant button, it's that it is on by default in some routers.
I own a D-Link and I did set up everything by hand, but since I didn't want to use this, I simply didn't touch the option - assuming that, by default, this would be off.
I was wrong, and corrected that, but I wonder how many of those people that use the setup wizard know enough to even get to the advanced features, much less turning this off because it is a security risk.