WiFi Protected Setup (WPS) may no longer be a simple and painless method for connecting to secure wireless. According to researcher Dominique Bongard, founder of the security firm 0xcite, there are vulnerabilities in the WPS implementations of two manufacturers that allow hackers to quickly gain access to a wireless router’s network.
WPS is a network standard that lets users connect their devices securely to WiFi with a simple push of a button on the router, rather than manually configuring computers and phones to be compatible with WPA security. When using WPS, a unique PIN is required when setting up a new device, ensuring malicious attempts to add rogue devices to the network do not occur.
Bongard discovered an attack that exploits weak randomization in a key used to authenticate hardware PINs in some implementations of WPS, allowing anyone to collect enough information to guess the PIN using offline calculations. After obtaining the router’s PIN, a hacker can easily obtain the network’s WPA2 pre-shared key. Breaking into the router via this mechanism, rather than through the more common brute-force attempts, circumvents many security measures put in place by manufacturers.
Previous research, completed in 2011, reported that the PIN needed to complete the setup of the router could be broken down and each piece attacked separately. Breaking down the code cut the number of attempts a hacker would need before guessing the correct PIN from the millions to a mere 11,000.
This new attack reported by Bongard only requires a single guess and a series of offline calculations. This vulnerability, which is caused by an inability to properly generate random numbers, is shown to affect the implementations used by two chipset manufacturers.
As an attacker can easily obtain WiFi passwords in as little as one second with this exploit, it may be beneficial to look for stronger ways to authenticate devices to wireless networks. Certificate-based authentication provides the strongest level of security.
The easiest way to protect yourself from this potential flaw in implementations of router software is to turn off the WPS feature. Although this may cause inconvenience for those unfamiliar with setting up routers, it could protect you from a detrimental attack down the road.