updated 06:55 pm EST, Tue March 6, 2012
WPS allegedly resisting brute force attacks
The Wi-Fi Alliance has responded to word of security exploits in Wi-Fi Protected Setup with a statement alluding to a fix. It claimed to The Verge that its test routine and certification now made sure that Wi-Fi devices "effectively resist" brute, PIN code-based attacks. How that would resolve the gap, and whether or not a patch would be available for those devices that had already shipped, wasn't mentioned.
Recently discovered attacks can guess the PIN code in less than four hours. While it would prevent the most casual of attacks, it could let wardriving hackers break in and undermine a target audience that's typically less experienced than others that don't need WPS, which was intended to quickly set up a secure network by letting users just push single buttons to pair devices.
The danger exists from attitudes to WPS. By its nature, it's meant to be enabled as an option by the start. Cisco's Linksys badge is known to at least sometimes ignore requests to turn WPS off on its routers and could leave them open to attack.