Have you ever pushed that little (WPS) button to connect to your wireless router? You know, the one where you don’t need a password to use it? Researchers have just discovered a dangerous flaw that would let someone crack that in less than a few hours. This person wouldn’t have to be in your home or office, they could attempt this from anywhere within range of your wireless signal. For more modern routers, that can be as far as 400 feet away.
WiFi Protected Setup (WPS) is a computing standard created by the WiFi Alliance to ease the setup and securing of a wireless home network. WPS contains an authentication method called “external registrar” that only requires the router’s PIN. By design this method is susceptible to brute force attacks against the PIN. When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 108 to 104 + 103 which is 11,000 attempts in total.
It has been reported that some wireless routers do not implement any kind of lock out policy for brute force attempts. This greatly reduces the time required to perform a successful brute force attack. It has also been reported that some wireless routers resulted in a denial-of-service condition because of the brute force attempt and required a reboot.
An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service.
DHS has suggested that people disable the WPS service until there is a fix.
I never did trust WPS. It didn’t require any sort of password, all you did was push a button and you could get connected. I always wondered what happened if someone tried to connect to your router at the same time you did. Could they get connected? Seemed to much of a chance for me so we have had WPS disabled on all our company routers.
It does make it easy for the average person to get connected so I’m sure they will come out with a fix at some point. For now, disable the feature.