WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs

By alexalex
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

alexalex

Posted
Posted

The US-CERT is warning about a vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points.

WPS is a method for setting up a new wireless router for a home network and it includes a way for users to set up the network via an external or internal registrar. In this method, the standard requires a PIN to be used during the setup phase. The PIN often is printed somewhere on the wireless router or access point. The vulnerability discovered in WPS makes that PIN highly susceptible to brute force attempts.

"When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 108 to 104 + 103 which is 11,000 attempts in total," the US-CERT advisory says....

Brute forcing Wi-Fi

Protected Setup

When poor design meets poor implementation.

?Wi-Fi Protected Setup? is an optional certification program from the Wi-Fi Alliance that is designed to

ease the task of setting up and configuring security on wireless local area networks. Introduced by the

Wi-Fi Alliance in early 2007, the program provides an industry-wide set of network setup solutions for

homes and small office (SOHO) environments.

Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi

configuration and security settings to automatically configure new wireless networks, add new devices

and enable security. More than 200 products have been Wi-Fi CERTIFIED? for Wi-Fi Protected Setup

since the program was launced (sic!) in January 2007.?

1

The Wi-Fi Simple Configuration Specification (WSC) is the underlying technology for the Wi-Fi

Protected Setup certification.

Almost all major vendors (including Cisco/Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL and

Technicolor) have WPS-certified devices, other vendors (eg. TP-Link) ship devices with WPS-support

which are not WPS-certified.

Although WPS is marketed as being a secure way of configuring a wireless device, there are design

and implementation flaws which enable an attacker to gain access to an otherwise sufficiently

secured wireless network.

http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.