New WiFi Setup Flaw Allows Easy Router PIN Guessing 86
Trailrunner7 writes "There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT. The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. 'I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,' Viehbock said."
WPS (Score:4, Insightful)
Don't you still have to physically push a button to (temporarily) enable WPS? If not, whose bright idea was *that*?
Re:WPS (Score:4, Insightful)
I believe you still have to put the router into setup mode even when using shared PIN mode. That limits the times this attack could possibly work.
Designed by complete morons (Score:5, Insightful)
The attack in short: WPS NACKs a partially transmitted PIN if the first part is wrong. This leaves 20k trials needed for brute-force, instead of 1M.
I have no idea how people this incompetent get to design widely used protocols.