WPS Vulnerability

**American Zombie** · January 10th, 2012

If you have a router and use WPS you may want to go into your routers GUI to disable WPS for now until your router manufacturer (if on the list) provides a firmware update.

A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct.
The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.

More info and router manufactures affected are at the source.

Source: US-Cert

**fitz** · March 1st, 2012

I never really liked WPS - maybe because I never took the time to fully understand it..

**Xie** · March 3rd, 2012

This kinda dropped right off the radar, which is weird because probably 99% of the routers that would have been effected still are. The scary part is that your router can be potentially exploited by this vulnerability even if it is not active on your router, just having it as part of the firmware is enough in some cases. Only way to know is try and crack your routers password.

Here is a write up on it @ Lifehacker: How to Crack a Wi-Fi Network's WPA Password with Reaver

January 10th, 2012	Top \| #1
American Zombie OSNN Veteran Addict Joined: June 2004 Location: Seattle Posts: 2,899 Reputation: 2689 Power: 164	WPS Vulnerability If you have a router and use WPS you may want to go into your routers GUI to disable WPS for now until your router manufacturer (if on the list) provides a firmware update. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible. More info and router manufactures affected are at the source. Source: US-Cert

March 1st, 2012	Top \| #2
fitz Just Floating Along Joined: April 2004 Location: Chicagoland Posts: 4,052 Reputation: 2947 Power: 181	Re: WPS Vulnerability I never really liked WPS - maybe because I never took the time to fully understand it.. Hee-hee! Evil makes my buttocks tingle.

March 3rd, 2012	Top \| #3
Xie - geek - Joined: September 2003 Location: NY, USA Posts: 5,262 Reputation: 1730 Power: 188	Re: WPS Vulnerability This kinda dropped right off the radar, which is weird because probably 99% of the routers that would have been effected still are. The scary part is that your router can be potentially exploited by this vulnerability even if it is not active on your router, just having it as part of the firmware is enough in some cases. Only way to know is try and crack your routers password. Here is a write up on it @ Lifehacker: How to Crack a Wi-Fi Network's WPA Password with Reaver tehgeek \| tehgeek \| geeking out to tech \| IRC \| Parted Magic \| A+ Certified Professional

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Safari Vulnerability Detected	Mastershakes	Macintosh	8	February 22nd, 2006 2:25am
Vulnerability	Kr0m	Windows Desktop Systems	16	December 11th, 2002 10:33pm
Is there a fix for the xp logoff vulnerability?	Powerchordpunk	Windows Desktop Systems	14	March 26th, 2002 2:42am

Latest News Posts

Latest Forum Posts

Latest Member Blogs