The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Flaw lets hackers break your WiFi router's security with one guess

New WPS vulnerabilities exposed
2014-09-01 09:07 by
Tags: , , ,

 

Security researcher Dominique Bongard announced that a new attack on wireless routers with poorly implemented versions of the Wi-Fi Protected Setup allows someone to quickly gain access to a router's network.

While previous attacks require up to 11,000 guesses - a relatively small number - and approximately four hours to find the correct PIN to access the router's WPS functionality, the new attack only requires a single guess and a series of offline calculations.

The vulnerability isn't present in every router, but according to Bongard it's in relatively common chipsets from both Broadcom and another, unnamed company. Broadcom products lacked key randomisation while the unnamed vendor (not Atheros, Bongard said in response to rumours), used a non-random seed value or nonce.

The Wi-Fi Alliance, in turn, said that the flaw likely stems from how companies implement wireless networking, rather than anything inherent to how the technology works.

"A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices. It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings," reads a statement from Wi-Fi Alliance spokeswoman Carol Carrubba.

Whatever the root cause may be, the easiest way to protect against this exploit right now is to turn WPS off.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About