Offline attack shows Wi-Fi routers still vulnerable

Minimalist · Aug 30, 2014

A researcher has refined an attack on wireless routers with poorly implemented versions of the Wi-Fi Protected Setup that allows someone to quickly gain access to a router's network.

The attack exploits weak randomization, or the lack of randomization, in a key used to authenticate hardware PINs on some implementations of Wi-Fi Protected Setup, allowing anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than attempting to brute-force guess the numerical password, the new attack circumvents defenses instituted by companies.
Click to expand...

http://arstechnica.com/security/2014/08/offline-attack-shows-wi-fi-routers-still-vulnerable/

siljaline · Sep 1, 2014

See also:
Router malware: Fact or fiction?
http://www.csoonline.com/article/2599652/data-protection/router-malware-fact-or-fiction.html

MrBrian · Dec 7, 2014

From the link in the first post (my bolding):

While previous attacks require up to 11,000 guesses—a relatively small number—and approximately four hours to find the correct PIN to access the router's WPS functionality, the new attack only requires a single guess and a series of offline calculations, according to Dominique Bongard, reverse engineer and founder of 0xcite, a Swiss security firm.

"It takes one second," he said. "It's nothing. Bang. Done."

The problem affects the implementations provided by two chipset manufacturers, Broadcom and a second vendor whom Bongard asked not to be named until they have had a chance to remediate the problem.
Click to expand...

luciddream · Dec 8, 2014

That's why it's always a good idea to disable the routers PIN. WPS is indeed insecure by design. A terrible idea.

Log in or Sign up

Offline attack shows Wi-Fi routers still vulnerable

Minimalist Registered Member

siljaline Registered Member

MrBrian Registered Member

luciddream Registered Member

Log in or Sign up

Offline attack shows Wi-Fi routers still vulnerable

Minimalist Registered Member

siljaline Registered Member

MrBrian Registered Member

luciddream Registered Member

Useful Searches