Security Protection – Harry Waldron MVP Rotating Header Image

Wireless Security – New Brute Force WPS Vulnerability

The ISC shares a new WPS vulnerability where brute force PIN attacks could potentially be used to gain unauthorized access

Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability http://isc.sans.org/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292

QUOTE: Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 – available since January 2007) designed to ease the process of securely setup Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN. The vulnerability was reported by Stefan Viehböck and more details are available on the associated whitepaper. In reality, it acts as a “kind of backdoor” for Wi-Fi access points and routers.  The quick and immediate mitigation is based on disabling WPS.

More on WPS Security – Pros & Cons https://isc.sans.edu/diary.html?storyid=10675

Wi-Fi Best Practices and Protection Resources http://www.wi-fi.org/knowledge_center_overview.php
http://www.wi-fi.org/files/kc_80_20070104_Introducing_Wi-Fi_Protected_Setup.pdf

Comments are closed.