Printed from http://www.electronista.com

Researchers discover Wi-Fi router PIN vulnerability

updated 12:00 am EST, Wed December 28, 2011

Flaw makes for easier brute-force attacks

The US Computer Emergency Readiness Team (US-CERT) has reportedly issued a warning regarding a vulnerability in Wi-Fi routers that use Wi-Fi Protected Setup (WPS) PINs. The security flaw, which was said to be discovered by security researcher Stefan Viehbock, enables hackers to easily gain access to routers by using brute-force attacks and software tools to guess the PIN codes.

Although routers require users to enter an eight-digit PIN, which should conceal the true number among 100 million possibilities, the current technology is said to effectively weaken the protection down to a point that can be hacked with a maximum of 11,000 attempts.

When a user makes an incorrect PIN guess, the system responds to the client with a message that reportedly provides notification if the first half of the PIN was correct. The message also reveals the last digit of the PIN as a checksum.

"It has been reported that some wireless routers do not implement any kind of lock out policy for brute force attempts," the US-CERT warning said. "This greatly reduces the time required to perform a successful brute force attack."

Viehbock suggests select routers from D-Link, Netgear, Linksys and Buffalo are vulnerable to the brute force attacks. He claims to have been ignored by the hardware vendors, despite developing a Python tool that can break the code in just a few seconds. [via Threat Post]



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News