
Vulnerability in WiFi’s WPS is likely to affect the majority of home users

December 29, 2011

On 27 December Stefan Viehböck disclosed a WiFi Protected Setup (WPS) vulnerability. WPS was developed by the WiFi Alliance in 2007. Its purpose is to provide easy WiFi security for home users. “I noticed a few really bad design decisions,” wrote Stefan, “which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.”

More details are provided in his paper Brute forcing Wi-Fi Protected Setup. He notes two basic design flaws in WPS.

As the External Registrar option does not require any kind of authentication apart from providing the PIN, it is potentially vulnerable to brute force attacks.


An attacker can derive information about the correctness of parts of the PIN from the AP’s responses.

The latter ‘flaw’ effectively reduces the length of the PIN, allowing an attacker to try all possibilities within a short period of time. Stefan wrote a ‘proof of concept’ brute force attack. Brute force attacks of this kind are usually thwarted by a ‘lock-down’ facility; that is, further log-in attempts are automatically blocked after, say, three failures. But, he writes,

Some vendors did not implement any kind of blocking mechanism to prevent brute force attacks. This allows an attacker to try all possible PIN combinations in less than four hours (at 1.3 seconds/attempt).

On average an attack will succeed in half the time.
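
The figures quoted above can be reproduced with a small cost model. This is an added example, not code from Stefan's paper or from CERT. It assumes the PIN layout given in the WPS specification (eight digits, the last a checksum, with digits 1-4 and digits 5-8 confirmed separately), which this post does not spell out, and the 60-second lock-down is a constructed value chosen only to show what a lock-down buys.

```python
"""Added example: cost model for guessing a WPS PIN (not code from the paper)."""

FIRST_HALF = 10 ** 4   # digits 1-4, accepted or rejected on their own
SECOND_HALF = 10 ** 3  # digits 5-7; digit 8 is a checksum of digits 1-7


def wps_checksum(first7: int) -> int:
    """Check digit the WPS specification appends to a 7-digit PIN body."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def worst_case_attempts(split_feedback: bool) -> int:
    """Guesses needed to cover every valid PIN."""
    if split_feedback:
        return FIRST_HALF + SECOND_HALF   # halves are searched one after the other
    return FIRST_HALF * SECOND_HALF       # whole PIN accepted or rejected at once


def hours_to_exhaust(attempts, secs_per_attempt=1.3, lock_after=None, lock_secs=0):
    """Wall-clock hours for `attempts` guesses.

    lock_after=None models an AP with no lock-down. Otherwise the AP pauses
    for lock_secs after every lock_after guesses; every guess is counted as
    a failure, so the result is an upper bound.
    """
    total = attempts * secs_per_attempt
    if lock_after:
        total += (attempts // lock_after) * lock_secs
    return total / 3600


if __name__ == "__main__":
    flawed = worst_case_attempts(split_feedback=True)
    intended = worst_case_attempts(split_feedback=False)
    print("example valid PIN:", f"{1234567:07d}{wps_checksum(1234567)}")
    print("guesses, halves confirmed separately:", flawed)
    print("guesses, PIN checked as a whole:", intended)
    print("hours, no lock-down: %.2f" % hours_to_exhaust(flawed))
    print("hours, 60 s pause per 3 failures (constructed policy): %.1f"
          % hours_to_exhaust(flawed, lock_after=3, lock_secs=60))
    print("hours, no lock-down, PIN checked as a whole: %.0f"
          % hours_to_exhaust(intended))
```

With no lock-down the model gives just under four hours for 11,000 guesses, matching the quoted figure, against roughly 150 days if the AP only ever accepted or rejected the PIN as a whole.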

Stefan’s vulnerability has now been accepted by CERT. CERT’s advisory comments:

III. Solution
We are currently unaware of a practical solution to this problem.

Disable WPS.

Although the following will not mitigate this specific vulnerability, best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network.

Ironic, isn’t it? The ‘official’ security solution often provided by default for non-technical home users requires a technical capability beyond the average home user in order to stop it being a weakness… But irony or no irony, the simple fact is that the majority of home users everywhere are likely to be vulnerable.
