Thursday, December 29, 2011

Researcher finds vulnerability in WPS protocol, looks for manufacturers to offer fix

Posted by vishnu vardhan reddy boda at 9:38 AM

Share this Post and Be Awesome

On the plus side, your router's mostly secure. Security researcher Stefan Viehbock has just discovered a major security hole which allowed him to use a brute force technique to access a WPS PIN-protected network in about two hours. According to Viehbock, a design flaw allows the WPS protocol's 8-digit PIN security to fall dramatically as additional attempts are made. With each attempt, the router will send a message stating whether the first four digits are correct while the last digit of the key is used as a checksum and then given out by the router in negotiation. As a result, the 100,000,000 possibilities that the WPS should represent becomes roughly to 11,000.

The US-CERT has picked up on this and advised users to disable WPS on their routers. Viehbock, in turn, claims to have attempted to discuss the vulnerability with hardware vendors such as Buffalo, D-Link, Linksys, and Netgear, but says he has been roundly ignored and that no public acknowledgement of the issue has been released. As a possible final step, Viehbock has promised to release a brute force tool soon, thereby pushing the manufacturers to work to resolve the issue. In other news, that evil supercomputer from the movie War Games just got a few more digits of the nuclear launch codes -- maybe one of Stefan's pals can look into that one

✔ Become Premium User For Free

Get posts directly to your Email. Submit your Email

✔ Share it for others

Love to hear what you think! Thanks Would make us Smile :)

Receive all updates via Facebook. Just Click the Like Button Below else Hit close icon

-->

Search Entire Site

Custom Search
© ©2014 BtechBunks . |
Powered by Vishnu .
back to top