Wi-Fi Protected Setup PIN Brute Force Vulnerability

Network 111 Published by

A researcher has discovered a security hole in WPS technology that affects millions of Wi-Fi routers around the world.
A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.

I reported this vulnerability to CERT/CC and provided them with a list of (confirmed) affected vendors. CERT/CC has assigned VU#723755 (will be released today) to this issue. To my knowledge none of the vendors have reacted and released firmware with mitigations in place.



Share this content
Twitter Facebook Reddit WhatsApp Email Print