US-CERT says Wi-Fi hole open to brute force attack

Dec 29, 2011 by Nancy Owano

(PhysOrg.com) -- The US Computer Emergency Readiness Team (US-CERT) has issued a warning about a security hole in the Wi-Fi Protected Setup protocol for Wi-Fi routers. Security researcher Stefan Viehbock discovered the vulnerability and reported it to US-CERT, which issued its public warning earlier this week. Viehbock identified design decisions in the protocol that enable an efficient brute force attack.

The US-CERT warning said:

“The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.”

The Wi-Fi Protected Setup protocol, introduced in 2007 by the Wi-Fi Alliance, was intended to simplify setting up and configuring security on wireless local area networks, especially in home and small office/home office (SOHO) environments. “Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to easily configure new wireless networks, to add new devices and to enable security,” according to the WiFi Alliance white paper.

The simplification lies in the setup process: when adding a new device to a network, users only have to type in a short PIN instead of a longer passphrase. When a wrong PIN is entered, however, the router returns information that could be useful for an attack. The 8-digit PIN's security falls dramatically as more attempts are made. A message sent by the router when the PIN fails tells the hacker whether the first four digits are correct; the last digit of the PIN is used as a checksum and is given out by the router in negotiation.

According to reports, this hole cuts the hacker’s time and effort significantly: the number of combinations to try falls from 100 million to 11,000.
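The arithmetic behind those figures, and the effect of the lock-out policy that US-CERT says some routers lack, worked through as an added example that is not part of the original article. It is a local model with no network or WPS protocol code; the check-digit routine follows the WPS PIN checksum scheme, and the 2-second attempt time and the lock-out settings are assumptions chosen for illustration.

```python
"""Added illustration of the WPS PIN search space (local model only).
Attempt time and lock-out settings below are assumptions, not measurements."""


def wps_checksum(first7: int) -> int:
    """Check digit the WPS PIN format appends to a 7-digit value."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and the last digit matches the checksum."""
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and int(pin[7]) == wps_checksum(int(pin[:7])))


def worst_case_attempts(split_feedback: bool, checksum_known: bool) -> int:
    """Guesses needed to cover every PIN under the given conditions."""
    free = 7 if checksum_known else 8        # digits that must be guessed
    if not split_feedback:
        return 10 ** free                    # whole PIN accepted or rejected
    return 10 ** 4 + 10 ** (free - 4)        # each half confirmed separately


def hours_to_exhaust(attempts: int, secs_per_attempt: float,
                     fails_before_lock: int = 0, lock_secs: int = 0) -> float:
    """Worst-case wall-clock hours; lock-out applies after every N failures."""
    total = attempts * secs_per_attempt
    if fails_before_lock:
        total += (attempts - 1) // fails_before_lock * lock_secs
    return total / 3600


if __name__ == "__main__":
    print("8 free digits, no feedback:", worst_case_attempts(False, False))
    n = worst_case_attempts(split_feedback=True, checksum_known=True)
    print("split halves plus checksum:", n)
    # Hypothetical policies: none, 3 failures -> 60 s, 3 failures -> 1 hour.
    for fails, lock in [(0, 0), (3, 60), (3, 3600)]:
        hours = hours_to_exhaust(n, 2, fails, lock)
        print(f"fails_before_lock={fails} lock_secs={lock}: {hours:.1f} hours")
```

Under these assumed numbers, a router with no lock-out is covered in about six hours, while locking for an hour after three failures stretches the same 11,000 attempts to several months.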

In its warning, the US-CERT site said “We are currently unaware of a practical solution to this problem.”

Its recommended workaround was to disable WPS. Though not a solution, it also recommended using only WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so that only trusted computers and devices can connect to the wireless network.

Affected vendors include Belkin, Buffalo, D-Link, Linksys, Netgear, Technicolor, TP-Link, and ZyXEL.

Viehbock, meanwhile, said he was working on a brute force tool, which he may release once he works the code into better shape.


More information: www.kb.cert.org/vuls/id/723755
sviehb.wordpress.com/

User comments : 7
DDBear
5 / 5 (1) Dec 29, 2011
I've hated WPS anyway so I'd be glad to see this standard disappear entirely. It is supposed to make the setup easier for beginners, but WPS just confuses things. It's easy enough to just enter the WPA2 encryption key!
jimbo92107
5 / 5 (1) Dec 29, 2011
Just go into your router and disable WPS. Problem solved. As DDBear says, WPS is more confusing than helpful anyway. Stick with WPA2, it's good enough for now.
kaasinees
1 / 5 (1) Dec 29, 2011
nope.avi

*mac filter WPA2*
Feldagast
5 / 5 (2) Dec 29, 2011
Why I used wired networking in my house.
mattytheory
3 / 5 (2) Dec 29, 2011
I whitelist the MAC's of authorized devices. Problem solved.
electric
not rated yet Jan 03, 2012
"I whitelist the MAC's of authorized devices. Problem solved."

That's about the worst security method.
http://en.wikiped...ofing.29
mattytheory
not rated yet Jan 09, 2012
Thank you electric. You are correct, I was not aware of the gaping security hole.
