Flaw in Wi-Fi Protected Setup makes it susceptible to brute force attacks
People use Wi-Fi to do a lot of things. In fact, I think Wi-Fi is extremely useful not just in establishments or in office settings, but also in the home. Instead of having to manually connect your device with cables to the modem, you can use a router to transmit a wireless signal throughout your home so that everyone in the household can make use of the Internet connection.
And if you live close enough to your neighbours, they can access your network too, unless you set it up with a password. It’s actually standard procedure to password protect the Wi-Fi connection in your home for security reasons. But apparently, a flaw is making these setups susceptible to brute force attacks.

This is according to security researcher Stefan Viehböck, who was able to demonstrate a critical flaw in the Wi-Fi Protected Setup standard. This flaw made it possible to open up the routers to attack, which has prompted a US-CERT Vulnerability notice to be issued.
As mentioned earlier, Wi-Fi Protected Setup (WPS) is utilised to secure and restrict access to a wireless network. This would require each router to have a unique 8-digit PIN. However, one mode of use made it possible to connect a device to the network by just presenting the PIN, which lets a user simply try every possible PIN.
Doing the math, eight digits would produce roughly 100,000,000 possible combinations. By testing different routers, Viehböck discovered that it took an average of around two seconds to test each combination. “On average an attack will succeed in half the time,” Viehböck said.
So with brute force, the router can be compromised in several years, unless it was particularly responsive. But the standard used by WPS responds after the first four digits have been entered, indicating whether the values are right or wrong. So in essence, the two halves can be tackled and determined separately. The remaining four digits will be a checksum, so the attacker just has to test out 1,000 combinations before the entire PIN is revealed. The details of the tests that Viehböck conducted have been uploaded to his blog.
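As an added illustration (not code from Viehböck or The Register), the Python model below counts the guesses needed when a verifier confirms each half of the PIN separately, and converts them to time at the two seconds per attempt quoted above. The `ModelRegistrar` class, its method names and the sample PIN are constructed for this example, and it assumes the WPS convention that the eighth digit is a check digit computed from the first seven, which is what leaves 1,000 candidates for the second half.

```python
# Toy in-memory model of split WPS PIN validation (added example; no network I/O).
SECONDS_PER_ATTEMPT = 2  # average per-attempt time quoted in the article


def wps_checksum(first7: int) -> int:
    """Check digit for a 7-digit value (assumed WPS PIN checksum rule)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


class ModelRegistrar:
    """Hypothetical verifier that confirms each PIN half separately."""

    def __init__(self, first7: int):
        pin = first7 * 10 + wps_checksum(first7)
        self._halves = divmod(pin, 10_000)   # (first 4 digits, last 4 digits)
        self.attempts = 0

    def check_half(self, index: int, guess: int) -> bool:
        self.attempts += 1
        return self._halves[index] == guess


def attempts_to_recover(reg: ModelRegistrar) -> int:
    """Count guesses needed when each half is confirmed on its own."""
    first = next(h for h in range(10_000) if reg.check_half(0, h))
    for last3 in range(1_000):
        # Only one check digit is valid for each 7-digit prefix.
        second = last3 * 10 + wps_checksum(first * 1_000 + last3)
        if reg.check_half(1, second):
            break
    return reg.attempts


def worst_case_hours(attempts: int) -> float:
    return attempts * SECONDS_PER_ATTEMPT / 3600


SPLIT_WORST = attempts_to_recover(ModelRegistrar(9_999_999))  # constructed PIN
WHOLE_WORST = 10 ** 8   # article's figure for guessing all eight digits at once

if __name__ == "__main__":
    print(f"split halves: {SPLIT_WORST} guesses, {worst_case_hours(SPLIT_WORST):.1f} h")
    print(f"whole PIN:    {WHOLE_WORST} guesses, {worst_case_hours(WHOLE_WORST) / 8760:.1f} years")
```

In this model the split check caps the search at 11,000 guesses, about six hours at two seconds each, against roughly six years for the full eight-digit space.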
Source – The Register









