WiFi WPS exploit found; no solution yet

If you have a WiFi router at home and rely on WiFi Protected Setup (WPS) to get devices onto your network, you might want to think about turning it off. The US Computer Emergency Readiness Team (US-CERT) sent out an alert this week describing a flaw in WPS that could let attackers recover your WiFi password.

The WPS protocol is supposed to make setting up a wireless network easier for people who are not as tech savvy as others. However, US-CERT now says:

A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.

At the moment there is no fix for this issue. US-CERT recommends that people who are using WPS on their WiFi routers disable it and use another method to secure the router, including "using WPA2 encryption with a strong password." Several WiFi router makers such as Netgear, D-Link, Belkin and others sell products with WPS, but so far none of them have commented on this newly disclosed flaw.
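To make the arithmetic behind the US-CERT note concrete, here is an added, constructed simulation; it is not code from the article, from US-CERT or from any router vendor. A WPS PIN has eight digits, but the eighth is a checksum of the first seven, so a naive attacker faces 10^7 candidates. Because the registrar (the access point) answers the first four digits and the last three separately, the search collapses to 10^4 + 10^3 = 11,000 guesses at most. The `RegistrarOracle` class below is an assumed stand-in for that per-half yes/no answer (no real 802.11 frames are sent), `crack_pin` is the split search, and the `lockout_after` and `seconds_per_attempt` parameters are assumptions used only to show why a lockout policy matters.

```python
"""Constructed simulation of the WPS PIN split-verification flaw."""


def wps_checksum(first7: str) -> int:
    """Checksum (8th) digit of a WPS PIN: digits at odd positions weigh 3, even positions 1."""
    acc = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(first7))
    return (10 - acc % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True when the PIN is eight digits and its last digit matches the checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


def search_space() -> tuple:
    """(naive guesses, guesses with the per-half answer): checksum fixes digit 8."""
    return 10 ** 7, 10 ** 4 + 10 ** 3


class LockedOut(Exception):
    """Raised when the simulated AP temporarily refuses further attempts."""


class RegistrarOracle:
    """Assumed stand-in for a WPS registrar. A real AP rejects a wrong first half
    before the second half is ever checked, which is the flaw. lockout_after=None
    models routers with no lockout policy at all."""

    def __init__(self, pin: str, lockout_after=None, lockout_seconds=60):
        assert is_valid_pin(pin), "PIN fails checksum"
        self.pin = pin
        self.lockout_after = lockout_after
        self.lockout_seconds = lockout_seconds
        self.attempts = 0   # every guess the attacker sent
        self.failures = 0   # wrong guesses so far
        self.lockouts = 0   # how many times the AP locked the attacker out

    def _failed(self):
        self.failures += 1
        if self.lockout_after and self.failures % self.lockout_after == 0:
            self.lockouts += 1
            raise LockedOut()

    def check_first_half(self, half: str) -> bool:
        """First four digits: answered on their own."""
        self.attempts += 1
        ok = half == self.pin[:4]
        if not ok:
            self._failed()
        return ok

    def check_full_pin(self, pin: str) -> bool:
        """Full PIN, sent only once the first half is already known."""
        self.attempts += 1
        ok = pin == self.pin
        if not ok:
            self._failed()
        return ok


def crack_pin(oracle: RegistrarOracle, seconds_per_attempt: float = 1.0) -> tuple:
    """Split search: 10^4 first halves, then 10^3 second halves with the checksum
    computed rather than guessed. Returns (pin, attempts, estimated_seconds).
    seconds_per_attempt is an assumed per-exchange cost, not a measured figure."""

    def attempt(fn, arg) -> bool:
        try:
            return fn(arg)
        except LockedOut:
            return False  # the attacker waits out the lockout and resumes

    first = None
    for i in range(10_000):
        cand = f"{i:04d}"
        if attempt(oracle.check_first_half, cand):
            first = cand
            break
    if first is None:
        raise RuntimeError("first half not found")

    for j in range(1_000):
        first7 = first + f"{j:03d}"
        pin = first7 + str(wps_checksum(first7))
        if attempt(oracle.check_full_pin, pin):
            estimate = oracle.attempts * seconds_per_attempt + oracle.lockouts * oracle.lockout_seconds
            return pin, oracle.attempts, estimate
    raise RuntimeError("second half not found")


if __name__ == "__main__":
    # 12345670 is the WPS specification's example PIN; its checksum digit is 0.
    for target, lock in (("12345670", None), ("12345670", 3), ("99999995", None)):
        ap = RegistrarOracle(target, lockout_after=lock)
        pin, n, secs = crack_pin(ap)
        print(f"{pin} found in {n} attempts, {ap.lockouts} lockouts, ~{secs:.0f}s")
```

Without a lockout the worst case is exactly 11,000 exchanges; adding a lockout does not shrink the search, it only stretches the time, which is the point US-CERT makes about routers that lack one. Disabling WPS removes the PIN path altogether, which is why it is the recommended action.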


deep1234 said,
Will dd-wrt send updates? I think so.

You're right, but it's been quite a while since they updated their recommended firmware on the peacock thread over there.

so even if a fix is out soon odds are the firmware with the fix won't be stable enough to recommend for a while yet as the recommended firmware on there (i.e. BS build 14929) is from Aug 2010.

I guess some people fail to realize that this feature is for non-tech savvy users since of course most people reading this article are going to likely already have it disabled or will know how to if somehow they never disabled it, used it out of laziness or whatever it might be.

Most routers also rarely see any firmware updates, that is why a lot of people tech-savvy tend to switch to alternative firmwares such as Tomato mods, DD-WRT and any others not as popular. Then on top of that, non-tech savvy users are still likely to never know there is an update to their router and how to update it without getting support.

mistical said,
I guess some people fail to realize that this feature is for non-tech savvy users ...
...or the masses of lazy careless network admins & IT support people who don't feel like dealing with anything even remotely laborious if they can simplify it by pushing the WPS button. I'm constantly surprised by the number of mid->large sized companies that have a separate IT only wireless router used in their lab or elsewhere that use WPS because it's easy.

No one should be using WPS. It doesn't even set up a long enough key. If you are tech savvy enough to know and buy a router, it won't take long to set up one properly.

xpclient said,
No one should be using WPS. It doesn't even set up a long enough key. If you are tech savvy enough to know and buy a router, it won't take long to set up one properly.

Exactly; if not ask someone who is knowledgeable about it.

Fritzly said,

Exactly; if not ask someone who is knowledgeable about it.

Applies to you, me and the rest of the 0.5% of geek population. What about the average Joe and Jane who actually do take the time to RTFM and follow the router manufacturer's recommendation 'to use WPS as the easiest way to set up your wireless connection'? It's that 99.5% of people who don't read tech news and even if they did wouldn't know how to disable WPS without expert help. Even if there are firmware updates which address this particular problem, none of the routers I've seen have automatic updates. It's all a question of how exploitable the exploit is in reality. If it takes 15 minutes that's a big problem for most folk. If it takes 2 months that's still a big problem for corporate environments and sensitive networks operating over wireless.

Breach said,
Um, and how long does it take to actually brute force 11k combinations?

Not long at all I would assume

Just Google WPA2 generator and update to WPA2 like you should have from the beginning. Problem solved. Now if you have an iDevice on wifi, definitely go a little easier on that key, because it is a PITA to enter those special characters.

ScottDaMan said,
Just Google WPA2 generator and update to WPA2 like you should have from the beginning. Problem solved. Now if you have an iDevice on wifi, definitely go a little easier on that key, because it is a PITA to enter those special characters.


A work around I have used is to save the very complex 128bit WPA2 key into a .txt file, upload to a web server and use copy and paste to paste the key. Long winded yes, but there are workarounds ;-)

StevenNT said,
A work around I have used is to save the very complex 128bit WPA2 key into a .txt file, upload to a web server and use copy and paste to paste the key. Long winded yes, but there are workarounds ;-)

Ouch, how 90s of you.

Glad I use Astaro and my APs are controlled by it. No WPS ease of connectivity. They only get on if I want them on.

Like people said in previous comments, the big issue here is that non tech-savvy people will not update their firmware. Not long ago I saw some people vulnerable to the "DCC SEND "startkeylogger" 0 0 0" exploit on Linksys/Netgear routers and I think this has been around for a LONG time.

To make things worse, most people have no idea how to change their WIFI key or encryption. Just look at the number for "dlink" and "netgear" wifi spots you see around you.

I frequently get firmware updates for my routers. I have always used D-Link. The sad thing is, this is the hard way to get into a lot of routers. I've gotten into routers before by just trying short simple passwords. Too many times the SSID is the best clue to the password. This will be fixed by manufacturers, but most people won't even know there is a problem to fix, or how to fix it.

Wow, the technologically elite are a bunch of arseholes.
I read the ramblings here, and this is precisely why the average joe has problems.

I would challenge everyone here who says how easy it is, to try something out of your profession for a change.

I bet you would find the simplest task from another profession quite daunting, while experts in that field will NOT taunt and berate you as you do when they try to play on your field.

Maybe a dumb question here, and I should probably know better, but don't you have to push a physical or virtual button to activate WPS? Kind of like when you first pair Bluetooth? I know on both my routers, I have to log into the admin page to push the virtual button. It's easier for me to just plug in the WiFi password. I have enough devices that I have it memorized.

Running WPA2-PSK here, with MAC filtering and reserved IPs. I know MAC spoofing is easy, but I like the layered approach.

Steven Watson said,
Maybe a dumb question here, and I should probably know better, but don't you have to push a physical or virtual button to activate WPS? Kind of like when you first pair Bluetooth? I know on both my routers, I have to log into the admin page to push the virtual button. It's easier for me to just plug in the WiFi password. I have enough devices that I have it memorized.

Running WPA2-PSK here, with MAC filtering and reserved IPs. I know MAC spoofing is easy, but I like the layered approach.

Yep, you have to push a button on one device. The router is always listening, which means you can send a signal out and the router will say, "hey, I'm here.. how many credit card numbers do you want to phish for today?"

Even 20-character passwords can be cracked in days rather than weeks these days. Today's GPUs can brute-force 8-character passwords in 4 hrs. What about multi-core GPUs?

but then again, you'll all have smartphones and pads in the next couple years, so passwords won't be an issue, you'll all be giving away your privacy without even knowing it.

Any time there is convenience, you can guarantee security will be the trade off.

Lucky I don't use WPS for myself or my customers!
