Researchers for the US Computer Emergency Readiness Team (US-CERT) have issued a warning regarding a Wi-Fi router vulnerability for users of the Wi-Fi Protected Setup (WPS) PINs
Researcher Stefan Viehbock found that the hack allows users to easily gain access to routers through the practice of brute-force attacks and specialized software tools to guess the PIN codes.
While eight-digit PIN numbers allow for more than 100 million possible security combinations Stefan found that just 11,000 or less combinations were needed to hack systems.
The system uses so few attempts because an incorrect PIN guess sends a system notification that tells a user if the first half of their 8-number pin was entered incorrectly and then reveals the last digit of the PIN as a checksum.
According to the US-CERT warning:
“It has been reported that some wireless routers do not implement any kind of lock out policy for brute force attempts,” and “This greatly reduces the time required to perform a successful brute force attack.”
Vulnerabilities exist for some D-Link, Netgear, Linksys and Buffalo routers (others likely suffer from the same issue but were not tested).
Viehbock says he has been ignored by hardware vendors despite using a proof of concept Python tool to break router codes in just a few seconds.
This should make users think twice before implementing the Wi-Fi Protected Setup (WPS). Are you surprised to learn that Wi-Fi company’s have so easily turned their backs on a system that can be hacked with very little effort in a matter of seconds?
[Image via ShutterStock.com ]
