A security researcher has demonstrated a flaw in the WiFi Protected Setup standard that would expose wireless networks to brute-force attacks, prompting the United States Computer Emergency Response Team to issue a vulnerability warning.
“The Wi-Fi Protected Setup (WPS) PIN is susceptible to a brute force attack,” a US-CERT warning issued Dec. 27 said. Widely used to secure wireless networks, WiFi Protected Setup (WPS) requires each router to have a unique eight-digit PIN. When WPS is enabled, the router allows devices to connect to the network provided they present the correct PIN.
Attackers could try brute-forcing the PIN by trying every possible combination, but the eight-digit PIN means there are 100,000,000 possible combinations. Theoretically, the brute-force attempts would take several years, making it an impractical attack scenario.
However, security researcher Stefan Viehböck found “a few really bad design decisions” in WPS that allowed the PIN to be split in two halves and tested separately, according to the warning.
Under WPS, devices could present four digits and the router would report back if the submitted combination was the first half of the PIN, Viehböck found. The last digit of the PIN appears to be just a checksum, which means the attacker only has to guess the remaining three digits in order to figure out the entire PIN. Instead of having to try 100,000,000 combinations, Viehböck found that the attackers have to try only 11,000 different combinations to find the right PIN.
“A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct,” the warning said.
Viehböck found it would take an average of two seconds to test each combination against a router, which means the time required for the brute-force attack has been dramatically slashed from several years to a few hours.
Considering that recent router models tend to have WPS enabled by default, this issue “affects millions of devices worldwide,” Viehböck wrote.
An attacker within range of a wireless access point may be able to brute-force the WPS PIN and retrieve the wireless network password in order to change the access point’s configuration settings or cause a denial of service, according to the US-CERT warning. Once in, the attacker can intercept email and steal credit card numbers or passwords.
Most of the routers Viehböck tested, which included products from Belkin, Buffalo, D-Link, Linksys, Netgear, Technicolor, TP-Link and ZyXEL, did not have any built-in mechanism to handle repeated incorrect PINs. One router from Netgear slowed down its responses when presented with several incorrect PINs in a row, but that just meant it would take the attacker an extra day or so to succeed.
“The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible,” the warning said.
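The arithmetic behind the 11,000 figure and the effect of a lockout policy, as an added example that is not from Viehböck, US-CERT or TNS. It works in memory only; the check-digit routine is the publicly documented WPS one, and the function names and lockout parameters are constructed assumptions.

```python
# Added example: in-memory arithmetic only, no network code.
# Function names and the lockout parameters are hypothetical/constructed.

def wps_checksum(first7: int) -> int:
    """Check digit for the first seven PIN digits (public WPS algorithm)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def search_space() -> dict:
    """Number of candidate PINs under each validation design."""
    return {
        "all_8_digits": 10 ** 8,            # figure quoted in the article
        "checksum_derived": 10 ** 7,        # eighth digit follows from the rest
        "split_halves": 10 ** 4 + 10 ** 3,  # each half confirmed on its own
    }

def guesses_needed(pin: str) -> int:
    """Sequential guesses until both halves of a valid PIN are confirmed."""
    if len(pin) != 8 or not pin.isdigit():
        raise ValueError("PIN must be eight digits")
    if int(pin[7]) != wps_checksum(int(pin[:7])):
        raise ValueError("last digit is not a valid checksum")
    return (int(pin[:4]) + 1) + (int(pin[4:7]) + 1)

def worst_case_hours(guesses, secs_per_guess=2.0, lock_after=None, lock_secs=0):
    """Time to exhaust `guesses`; optional lockout after every N failures."""
    total = guesses * secs_per_guess
    if lock_after:
        total += ((guesses - 1) // lock_after) * lock_secs
    return total / 3600

if __name__ == "__main__":
    space = search_space()["split_halves"]
    print("worst-case guesses:", guesses_needed("99999995"), "of", space)
    print("no lockout: %.1f h" % worst_case_hours(space))
    # Constructed policy: 60 s pause after every 3 failures.
    print("with lockout: %.1f h" % worst_case_hours(space, lock_after=3, lock_secs=60))
```

At two seconds per attempt the full split-half space is exhausted in about six hours; even the modest constructed lockout stretches that to days, which is why the absence of any lockout on most tested routers matters.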
WPS, introduced in 2007 by the WiFi Alliance, was intended to make it easier to set up secure wireless networks in home and small office environments.
US-CERT said it was “currently unaware of a practical solution to this problem.” Instead, the advisory recommended disabling WPS and using WPA2 encryption with a strong password to secure the network. Wireless networks can also be set up to use MAC address filtering to verify and allow only recognized devices onto the network.
While Viehböck said he was working on a brute-force tool that he may release at some point, researchers at Maryland-based Tactical Network Solutions have already released one such tool, Reaver. It is available on Google Code, and TNS said it will sell a more advanced commercial version of Reaver.
“This is a capability that we at TNS have been testing, perfecting and using for nearly a year,” TNS said in a blog post Dec. 29. Reaver is capable of breaking WPS PINs and recovering the plain text WPA/WPA2 pass phrase of the target access point in four to ten hours, depending on the router’s response time, TNS claimed.
