When hackers don’t know your WiFi router’s password but want to crack it, they normally have no option except to guess passwords at random. Guessing the password that way is tough, but researchers now say a flaw lets hackers break a WiFi router’s security with just one guess!
Dominique Bongard is a reverse engineer and the founder of a Swiss security firm named 0xcite. Bongard has refined an attack on wireless routers with poorly implemented versions of Wi-Fi Protected Setup (WPS) that allows someone to quickly gain access to a router’s network. The attack exploits weak randomization, or the lack of randomization, in a key used to authenticate hardware PINs on some implementations of Wi-Fi Protected Setup. It allows anyone to quickly collect enough information to guess the PIN using offline calculations. By calculating the correct PIN, rather than attempting to brute-force the numerical password, the new attack circumvents defenses instituted by companies.
Previous attacks require up to 11,000 guesses (a relatively small number) and approximately four hours to find the correct PIN to access the router’s WPS functionality. The new attack needs only one guess and a series of offline calculations, and “takes one second.”
According to spokeswoman Carol Carrubba, “A vendor implementation that improperly generates random numbers is more susceptible to attack… the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings.”
The vulnerability isn’t present in every router. Whatever the root cause may be, the easiest way to protect against this exploit right now is to turn WPS off. Here’s a slide from 0xcite showing the offline brute-force attack on Wi-Fi Protected Setup.
Source: 0xcite (SlideShare)
Thanks To: Ars Technica