Push Button WiFi Flaw Just Got Worse
Back in April 2012, I reported that many WiFi Protected Setup (WPS) routers were vulnerable to brute-force hacking. Incredibly, not much has been done to address this flaw. To make matters worse, a security research team has invented a way to guess a vulnerable router’s password in as little as one second! Here's what you need to know...
Is Your Router Vulnerable?
Over two years ago, I published an article, "WPS Security Flaw – Are You Vulnerable?", which discussed a problem with routers that have the WPS (WiFi Protected Setup) feature. WPS is designed to make it easier to install a new router and connect your wireless devices.
The WPS flaw made it relatively easy for hackers to guess the PIN number needed to access a wifi router, and allowed intruders to gain unauthorized access. Once inside, they could use your Internet connection (possibly engaging in illegal activities), change router settings, and even lock you out.
Vendors promised at the time to beef up security on future WPS-enabled routers, but some models remain vulnerable. And in fact, the problem has gotten about ten thousand times worse, according to security researchers in Switzerland.
The WPS standard calls for creation of an encryption key from a random “seed” number. This key is used to encrypt the router’s PIN, the passcode that users enter in order to log on to the router. But many manufacturers have been too cheap or lazy to include a simple random number generator in their firmware; they just use the system clock time, which hackers don’t even have to guess, or pull a number from a finite list of numbers that’s been leaked all over the Internet.
The effect of these shortcuts is to reduce the number of possible keys from millions to as few as 11,000. It takes hackers just four hours to try all 11,000 possibilities until they hit the correct key, instead of the years it would take when the seed is “strongly randomized.” (Computer science has yet to come up with a 100% perfect random number generator.)
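The clock-seeding shortcut described above, as an added example that is not from the original article or from any vendor's firmware: a toy generator seeded with the clock, an audit check that regenerates its output from a small window of clock values, and the corrected version that draws from the operating system's CSPRNG. The generator, function names, nonce size and timestamp are assumptions constructed for illustration.

```python
import math
import random
import secrets

NONCE_BYTES = 16  # assumed nonce size for this demo (128 bits)


def clock_seeded_nonce(clock_seconds: int) -> bytes:
    """Flawed pattern: the clock value alone determines every output byte."""
    rng = random.Random(clock_seconds)
    return bytes(rng.getrandbits(8) for _ in range(NONCE_BYTES))


def csprng_nonce() -> bytes:
    """Corrected pattern: bytes come from the operating system's CSPRNG."""
    return secrets.token_bytes(NONCE_BYTES)


def reproducing_seed(nonce: bytes, approx_time: int, window: int):
    """Audit check: return the clock value within +/- window seconds that
    regenerates `nonce`, or None if no clock value in that range does."""
    for t in range(approx_time - window, approx_time + window + 1):
        if clock_seeded_nonce(t) == nonce:
            return t
    return None


def effective_bits(window: int) -> float:
    """Entropy left when the only unknown is the clock within +/- window."""
    return math.log2(2 * window + 1)


if __name__ == "__main__":
    boot_time = 1410868800   # constructed sample timestamp, not real data
    reviewer_clock = boot_time + 120  # reviewer's clock is two minutes off

    weak = clock_seeded_nonce(boot_time)
    strong = csprng_nonce()

    print("weak nonce reproduced from seed:",
          reproducing_seed(weak, reviewer_clock, 300))
    print("strong nonce reproduced from seed:",
          reproducing_seed(strong, reviewer_clock, 300))
    print("bits of secrecy, clock-seeded: %.1f" % effective_bits(300))
    print("bits of secrecy, CSPRNG:       %d" % (NONCE_BYTES * 8))
```

A 128-bit value is only as secret as its seed: with the clock known to within five minutes, the clock-seeded nonce carries under 10 bits of uncertainty.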
Widening the Strike Zone
Now it takes just one try, most of the time. Dominique Bongard, founder of 0xcite, a Swiss security firm, has developed a method of guessing a router’s PIN correctly on the first attempt with a high probability of success. The calculations are done offline; one attempt is made to log in to the router, and usually it succeeds!
Bongard’s technique defeats the “three strikes and you’re out” safety mechanism built into many routers (and other systems) these days: the one that prevents further attempts to log in after three successive failures in a limited period of time.
Router chipsets made by Broadcom are vulnerable to Bongard’s exploit; he says that a second chipset maker’s products are also vulnerable, but he doesn’t want to name that manufacturer until it has had a chance to fix the problem. The issue is further complicated because many router manufacturers use chipsets from Broadcom and the other unnamed vendor. So lots of router brands could be affected.
Broadcom has made no public comment on this issue, and neither has any other chipset maker. But there must be a lot of red faces behind corporate facades.
There should be a lot of firmware updates appearing on router makers’ websites very shortly, too. Search for one that matches your router and install it as soon as possible. If you don’t see an update that addresses this flaw, you may want to ask the manufacturer about it.
Until you’re certain that your router’s firmware is protected against this exploit, you should disable WPS and configure your router to ask users for a network key (also called a wifi password) instead of a WPS PIN. If you don't want to guess, just disable it and move on.
Because there are dozens of different routers, I can't give specific instructions for doing that here. But you can search online for your router's user manual, or even better: "how to disable WPS on XYZ router" (where "XYZ" is your router model). Your Internet service provider should also be able to help you do this.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 16 Sep 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Push Button WiFi Flaw Just Got Worse (Posted: 16 Sep 2014)