Wi-Fi Protected Setup Vulnerability

Posted by & filed under Hardware, Networking, WiFi.

The Wi-Fi protected setup with which a large majority of new routers ship with enabled by default has a serious flaw opening it up to a brute force attack against the WPS pin. Additional flaws allow for a successful brute force attack in 11,000 attempts. This means the network key of a protected network can be retrieved within hours.

The best course of action right now is to disable WPS if possible. This is not a option on all routers, but the possibility may exist of re-flashing the router’s firmware to a different one such as Open-WRT, DD-WRT, Tomato, etc. to disable it.

CERT’s Release: www.kb.cert.org/vuls/id/723755
Vulnerability Technical Details: sviehb.files.wordpress.com/2011/12/viehb…
Reaver — Functional exploit: code.google.com/p/reaver-wps/