Security researcher Stefan Viehbock has revealed a flaw with Wi-Fi Protected Setup that could enable attackers to brute-force their way into PIN-protected networks in a short period of time. Although WPS-enabled routers can be protected by 8-digit pins, Viehbock’s attack works by exploiting poor design decisions in the WPS handshaking process that reduces the number of possibilities. Instead of having to test 108 combinations, the attack code really only has to try about 11,000.
Viehbock reported the vulnerability to the U.S. Computer Emergency Readiness Team (US-CERT) (which released a vulnerability note yesterday), and earlier this month contacted makers of routers confirmed to be vulnerable to the attack. However, Viehbock says no hotspot makers have issued fixes.
“To my knowledge none of the vendors have reacted and released firmware with mitigations in place,” Viehbock wrote in his blog. Routers affected include models made by D-Link, Belkin, Linksys, Netgear, ZyXel, TP-Link, Technicolor, and Buffalo.
Wi-Fi Protected Setup