Security researcher Stefan Viehbock has revealed a flaw with Wi-Fi Protected Setup that could enable attackers to brute-force their way into PIN-protected networks in a short period of time. Although WPS-enabled routers can be protected by 8-digit pins, Viehbock’s attack works by exploiting poor design decisions in the WPS handshaking process that reduces the number of possibilities. Instead of having to test 108 combinations, the attack code really only has to try about 11,000.
Viehbock reported the vulnerability to the U.S. Computer Emergency Readiness Team (US-CERT) (which released a vulnerability note yesterday), and earlier this month contacted makers of routers confirmed to be vulnerable to the attack. However, Viehbock says no hotspot makers have issued fixes.
“To my knowledge none of the vendors have reacted and released firmware with mitigations in place,” Viehbock wrote in his blog. Routers affected include models made by D-Link, Belkin, Linksys, Netgear, ZyXel, TP-Link, Technicolor, and Buffalo.
Wi-Fi Protected Setup
- After 14 years, a new generation of Wi-Fi security is coming. Here’s what to know
- ADT’s new cybersecurity suite adds four levels of digital protection
- Stay safe on the web and save up to $70 with McAfee Total Protection
- How A.I. can defeat malware that doesn’t even exist yet
- The best iPhone 8 cases and covers