Thursday, December 29, 2011
Researcher finds vulnerability in WPS protocol, looks for manufacturers to offer a fix
Security researcher Stefan Viehbock has just discovered a major security hole which allowed him to use a brute force technique to access a WPS PIN-protected network in about two hours. According to Viehbock, a design flaw allows the WPS protocol's 8-digit PIN security to fall dramatically as additional attempts are made. With each attempt, the router will send a message stating whether the first four digits are correct while the last digit of the key is used as a checksum and then given out by the router in negotiation. As a result, the 100,000,000 possibilities that the WPS should represent becomes roughly to 11,000. US-Cert has cought wind of the situatuion and has then urged users to disable WPS on their routers. Viehbock, in turn, claims to have attempted to discuss the vulnerability with hardware vendors such as Buffalo, D-Link, Linksys, and Netgear, but says he has been nothing but ignored and that no public acknowledgement of the issue has been released. As a possible final step, Viehbock has promised to release a brute force tool soon, thereby pushing the manufacturers to work to resolve the issue.