Most modern routers who uses design flaws in the Wi-Fi Protected Setup (WPS) could easily retrieve a wireless network’s password through brute force and leave it open to attack. Stefan Viehböck at first brought the issue to light by security researcher and has since prompted a vulnerability notice from the United States Computer Emergency Readiness Team (CERT).
Basically,it is the PIN authentication used by many wireless routers “significantly” decreases the time required to launch a brute force attack against the PIN because the flaw allows the Attacker (Hacker) to know when the first half of predefined 8 digit PIN printed on a sticker by the router manufacturer is correct. In plain word, entering the wrong PIN returns information that could be useful to a Hacker. The lack of a proper lock out policy after certain numbers of failed attempts leads to guess the PIN on wireless routers which makes this brute force attack.
“An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service”, US-CERT said.
WPS was created in 2007 by the Wi-Fi Alliance in order to ease the set up of a wireless home network. The PIN-based method is mandatory for WPS-certified devices. This authentication method called “external registrar” that only requires the router’s PIN. Exact 8 digit PIN code would produce a huge figure of 100,000,000 possible combinations. It will take few years to crack the code for an Attacker/Hacker. The last digit is actually the Checksum of the other seven digits. It means, an attacker just only has to try 11,000 instead of 100,000,000 different combinations to find the Perfect combination of PIN.
Unfortunately, an authentication attempt takes only between 0.5 and 3 seconds, allowing an attacker to go through all 11,000 combinations in less than 4 hours. “On average an attack will succeed in half the time,” Viehbock said.
Stefan Viehboeck said in a blog, “few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.”
This flaw problem can be sort out through simple software fix and inputting a little more security. Till then the US-Cert has recommended users to switch off WPS.