Basically,it is the PIN authentication used by many wireless routers “significantly” decreases the time required to launch a brute force attack against the PIN because the flaw allows the Attacker (Hacker) to know when the first half of predefined 8 digit PIN printed on a sticker by the router manufacturer is correct. In plain word, entering the wrong PIN returns information that could be useful to a Hacker. The lack of a proper lock out policy after certain numbers of failed attempts leads to guess the PIN on wireless routers which makes this brute force attack.
“An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service”, US-CERT said.
WPS was created in 2007 by the Wi-Fi Alliance in order to ease the set up of a wireless home network. The PIN-based method is mandatory for WPS-certified devices. This authentication method called “external registrar” that only requires the router’s PIN. Exact 8 digit PIN code would produce a huge figure of 100,000,000 possible combinations. It will take few years to crack the code for an Attacker/Hacker. The last digit is actually the Checksum of the other seven digits. It means, an attacker just only has to try 11,000 instead of 100,000,000 different combinations to find the Perfect combination of PIN.
Unfortunately, an authentication attempt takes only between 0.5 and 3 seconds, allowing an attacker to go through all 11,000 combinations in less than 4 hours. “On average an attack will succeed in half the time,” Viehbock said.
Stefan Viehboeck said in a blog, “few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.”
This flaw problem can be sort out through simple software fix and inputting a little more security. Till then the US-Cert has recommended users to switch off WPS.
Buy Cheapest Related Product From Amazon.com
Recent Tech News
Rumors have been doing rounds on the web about a Microsoft Office for iPad app. In fact, The Daily has gone on to even present what it calls the ‘first glimpse’ of the app running on the tablet. According to The Daily’s Matt Hickey, he got to spend some time with a ‘working prototype’ of the app and that the app for the Office suite has the same metro-look that Microsoft seems focused on, of late. Microsoft, on the other hand, has debunked these claims as ‘based on inaccurate rumors and speculation.’
Apart from the regular features of Twitter which include the ability to track topics in real-time and keep up-to-date with breaking news and find friends on the micro-blogging platform, Twitter has added a number of new enhancements to its iPhone app. These include the ability to copy and paste from tweets as well as profiles, a functionality which wasn’t supported in the earlier version of Twitter for iPhone app.
Recently, Urban Green Energy (UGE) has announced to launch its versatile technology ‘Fusion.’ Fusion is new renewable wind and solar solution system that reduces operating costs for off-grid telecom towers and minimizes environmental footprint. In plain word, it will decrease the operating costs at off-grid telecom sites with upgraded technology. No doubt, this will reduce the dependency rate of telecom tower on diesel generators.
Architects of UK have been trying to make floating pontoon house for a long time. Now, for the first time in the UK, Baca Architects have got the full planning permission to build a residential home on the banks of the River Thames in Buckinghamshire. This will be the first floating pontoon house in the UK. When there will be flood, the house will not go under water, rather it will float on the water and remain safe.
