Thursday, January 5, 2012

Brute force tools crack Wi-Fi security in hours, millions of wireless routers vulnerable

If you set WPA/WPA2 security protocol on your home or small business wireless router, and you think your Wi-Fi is secure, there two recently released brute force tools that attackers may use to bypass your encryption and burst your security bubble. The irony is that the vulnerability which can be exploited was intended to be a security strength, a usability issue to help the technically clueless setup encryption on their wireless networks. Wi-Fi Protected Setup (WPS) is enabled by default on most major brands of wireless routers including Belkin, Buffalo, D-Link, Cisco's Linksys and Netgear, leaving millions of wireless routers around the world vulnerable to brute force attacks which can crack the Wi-Fi router's security in two to ten hours.
Most wireless routers come with a WPS personal identification number (PIN) printed on the device. When a user is setting up a wireless home network via a network setup wizard, enabling encryption is often as easy as pushing a button on the router and then entering the eight digit PIN which came with it. When an attacker is attempting to brute force the PIN and an incorrect value was entered, a message is sent that basically tells an attacker if the first half of the PIN was right or not. Additionally, according to Stefan Viehbock, the security researcher who reported the flaw, "The 8th digit of the PIN is always the checksum of digit one to digit seven," meaning it only takes an attacker about 11,000 brute force guesses to own the password. Unfortunately most wireless routers don't have a lockout policy after several failed password attempts.

No comments: