WPS is vulnerable on several major router brands.
It comes enabled by default from many vendors from the factory.
It can be brute forced and allow an attacker to obtain the keys.
When it gets cracked in just a few hours to a few days it will reveal the PIN code, wpa wpa2 keys.
It is recommended you disable WPS and secure your Wifi Router.
You read the heading right, crack WPS in 1 second.
While the WPS (Wi-Fi Protected Setup) is one of the more popular network security standards that lets its users secure a wireless home network, it is totally aware that it can be threatened through a brute-force attack if its network access point is poorly configured.
How this brute-force attack works is by making use of the typically weak randomization that occurs during the key generation which is used to verify hardware PINs on some WPS. An attacker using brute-force would just collect the information very quickly and this allows them to basically guess the PIN through offline calculations. The reason why this offline calculation is so crucial is because it allows the attacker to remain hidden – offline – since he doesn’t actually need to physically try every possible combination of digits to the numerical password.
This idea was presented by researcher Dominique Bongard who said while explaining this: “It takes one second. It’s nothing. Bang! Done!” Bongard is an embedded systems security specialist, reverse engineer, and mobile application developer, and CEO and Founder of 0xcite Sàrl. He recently demonstrated this type of attack at the PasswordCons Las Vegas 2014 conference.
If we were to compare Bongard’s method to a different method, a highly efficient attack on a WPS would normally require up to 11,000 guesses and this number would be considered not a very large number of attempts and could take up to four hours in the process. Bongard’s new attack simply takes a series of offline calculations and just one single guess.
This major security issue mainly affects two manufacturers of chipset. The first is Broadcom and the second name remains undisclosed by Bongard until the manufacturer fixes this security flaw. It seems Broadcom had poor randomization while the other vendor just didn’t have enough randomness in their process.
It remains now to be seen what the next major move in the chipset industry will be to alleviate the dangers of a brute-force attack.
|➤ Related pages|
Powerful UTM Firewall, Vulnerability Scanner, WiFi Penetration Testing software
SecPoint is specialized to deliver the best IT security solutions and products.