If you have a WiFi router at home and are using the WiFi Protected Setup (WPS) to secure your network, you might want to think about switching to another protocol. The US Computer Emergency Readiness Team sent out an alert this week that describes an exploit in WPS that could lead to cyber attackers figuring out your WiFi password.
The WPS protocol is supposed to make setting up a wireless network easier for people who are not as tech savvy as others. However, US-CERT now says:
A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.
At the moment there is no solution to fixing this issue. US-CERT recommends that people who are using WPS for their WiFi routers disable it and use another method to secure the router, including "using WPA2 encryption with a strong password." Several WiFi router makers such as Netgear, D-Link, Belkin and others sell products with WPS but so far none of them have commented on this newly discovered exploit.
43 Comments - Add comment