Wi-Fi Router Attack Only Requires a Single PIN Guess 84
An anonymous reader writes: New research shows that wireless routers are still quite vulnerable to attack if they don't use a good implementation of Wi-Fi Protected Setup. Bad implementations do a poor job of randomizing the key used to authenticate hardware PINs. Because of this, the new attack only requires a single guess at the hardware PIN to collect data necessary to break it. After a few hours to process the data, an attacker can access the router's WPS functionality. Two major router manufacturers are affected: Broadcom, and a manufacturer to be named once they get around to fixing it. "Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness."
Re:Wireless security (Score:5, Funny)
Let me get this straight: you refuse to buy a wireless router with WPS that can be disabled in the administration console for the router because if someone pwns your router administration console they might be able to turn WPS back on?
Really? I bet you also refuse to use ATM cards because if someone stole your identity, got issued a fake driver's license, stole all your passwords, etc, they might be able to contact the bank and change your PIN!