WiFi Protected Set-up has a Security Hole

December 30, 2011, By Sanjeev Ramachandran

Be warned. There is a pretty big security hole in the WiFi Protected Set-up or the WPS protocol. WPS is often bundled into Wi-Fi routers, and allows unskilled home users to easily set up secure networks using WPA encryption.

When the WPS is in place, users can add a new device to the secure network by typing in a shortened PIN instead of a long pass-phrase. However, it is not just the users who can get their work done without much of a hassle; this system allows hackers to, well, hack into your WiFi network, according to the warning issued by the U.S. Computer Emergency Readiness Team.

Routers sold by vendors like Buffalo, D-Link, Cisco Linksys, Netgear, Technicolor, TP-Link, and ZyXEL are said to be affected by the security hole.


The flaw was discovered by security researcher Stefan Viehbock. He noticed a few really bad design decisions that enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.

Here is the problem in detail. The security of the 8-digit PIN falls dramatically with more attempts to key in the password. When an attempt fails, the hacker can figure out if the first four digits of the code are correct. From there, it can then narrow down the possibilities on the remaining digits until the code is cracked.

Viehbock said a hacker can get into a secure Wi-Fi hotspot in about two-hours using this method to exploit vulnerability. Also some wireless routers do not implement a lock out policy for brute force attempts, which greatly reduces the time taken to perform a brute force attack.

US-CERT says there is no known fix to this security problem, and the vendors have not responded to the issue. The best you can do is turn off the WPS in your router.

© 2008-2012 DeviceMag.com - All rights reserved | Privacy Policy