Wi-Fi Protected Setup (WPS) Flaws Make Brute Force Attacks Feasible2011-12-29 11:06 by PhilipTags: Wi-Fi, US-CERT, security, WPS
Design flaws in the Wi-Fi Protected Setup (WPS) wireless security standard can make it easier for attackers to obtain access codes for accessing wireless networks. The vulnerabilities identified by security researcher Stefan Viehbock affect a large number of WPS-enabled routers and wireless access points. The WPS standard was created in 2007 by the Wi-Fi Alliance to provide non-technical users with a simple method of setting up wireless networks securely. In addition to pushing a button on the router, WPS-certified devices also support an 8-digit PIN printed on a sticker on the device for authentication. Under normal circumstances, it would take 100 million attempts to crack an 8-digit PIN, however, some bad design choices reduce this to only 11,000 attempts according to Viehenbock's research paper. The main problem lies with the fact that devices respond to failed WPS authentication attempts with information whether the first or second half of the PIN is correct. This is further reduced by the fact that the last digit is actually the checksum of the first seven numbers. Considering that an authentication takes between 0.5 and 3 seconds, a brute force attack going through all 11,000 combinations would take less than 4 hours, with an average of half the time. The researcher identifies vulnerable devices from multiple vendors, including Linksys, Netgear, D-Link, Buffalo, Belkin, ZyXEL, TP-Link and Technicolor, with other brands affected as well. The majority of routers do not implement lock-down periods after failed WPS authentication attempts. The U.S. Computer Emergency Readiness Team (US-CERT) has been alerted about the vulnerabilities at the beginning of December and notified some of the affected vendors. The only known workaround at the moment, according to a US-CERT advisory is to disable WPS. Read more -here- or -here-
Post your review/comments
rate:
avg:
|