Researcher reveals flaw in Wi-Fi Protected Setup

Security researcher Stefan Viehbock has revealed a flaw in Wi-Fi Protected Setup that could enable attackers to brute-force their way into PIN-protected networks in a short period of time. Although WPS-enabled routers can be protected by 8-digit PINs, Viehbock’s attack works by exploiting poor design decisions in the WPS handshaking process that reduce the number of possibilities. Instead of having to test 10⁸ combinations, the attack code really only has to try about 11,000.

Viehbock reported the vulnerability to the U.S. Computer Emergency Readiness Team (US-CERT), which released a vulnerability note yesterday, and earlier this month he contacted makers of routers confirmed to be vulnerable to the attack. However, Viehbock says no hotspot makers have issued fixes.

“To my knowledge none of the vendors have reacted and released firmware with mitigations in place,” Viehbock wrote in his blog. Routers affected include models made by D-Link, Belkin, Linksys, Netgear, ZyXel, TP-Link, Technicolor, and Buffalo.

Wi-Fi Protected Setup—or WPS—is a standard designed to enable non-technical users to easily set up secure Wi-Fi networks, as well as add Wi-Fi devices to a network without having to remember long passphrases—which could be in user-hostile hexadecimal. Typically, WPS devices support the PIN setup method, where users enter an 8-digit PIN (usually on a sticker on the device, or on the router’s display): the device then sets up its own SSID and manages connections on its own, accepting any device with the proper PIN. The PIN method has to be supported by all WPS devices; other WPS setup methods include push-button and USB connections, although the USB method has largely been abandoned.

For now, US-CERT recommends users of vulnerable routers turn off WPS—but that can be a tough sell for users who aren’t familiar with configuring Wi-Fi networks without it, or who don’t want to go to all the hassle of reconfiguring all their Wi-Fi devices. Plus, turning off a feature with “Protected” in the name will be counter-intuitive to everyday users.

Viehbock intends to publish his attack once he gets around to “cleaning up the code.” At that point, wireless router manufacturers may have no choice but to respond to the threat.

This article was originally posted on Digital Trends
