Security fault detected in Wi-Fi Protected Setup

The US-CERT has issued an alert about a security vulnerability in the conception of the Wi-Fi Protected Setup technology.

An easy configuration may also mean easy to hack. According to an alert published by the US-CERT, the Wi-Fi Protected Setup standard is affected by a security vulnerability for which there is currently no practical solution to correct. The exploitation of this fault can lead to the wireless routers PIN (a code displayed as 8 characters) being compromised.

WPS was implemented by the Wi-Fi Alliance to make the security configuration of wireless networks easier. To add a device to a secure network, you simply have to enter the PIN (Personal Identification Number) which then provides four possibilities.

According to security researcher Stefan Viehbock, a security vulnerability in the conception of the technology allows for access via a brute force attack, providing access to a WPS network with PIN in only two hours.

When the first attack failed, the router sends a response which then allows the attacker to determine the first half of the PIN. The last character of the PIN is also known thanks to the control summery (checksum for the PIN). All that is then required is time to break the rest of the sequence.

Stefan Viehbock has provided more information about the WPS vulnerability in PDF document. He also developed a brute force attack tool in Python, although this is yet to be published. In their alert bulletin, the US-CERT has listed all vendors affected by this vulnerability (Belkin, Buffalo, D-Link, Linksys, Netgear, Technicolor, TP-Link, ZyXEL).

The only way of securing the network at this time is to disable WPS. The US-CERT also reminds users of the best practices that they should be following: use WPA2 encryption with a strong password, disable UPnP and activate MAC filtering (to only allow the connection of trusted devices).