Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability

Chris Salter ukcrypto at originalthinktank.org.uk
Fri Dec 30 11:58:15 GMT 2011

Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability.
Internet Storm Center (ISC) Diary.

Opening Paragraphs:

Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 - 
available since January 2007) designed to ease the process of securely 
setup Wi-Fi devices and networks. A couple of days ago US-CERT released 
a new vulnerability note, VU#723755, that allows an attacker to get full 
access to a Wi-Fi network (such as retrieving your ultra long secret 
WPA2 passphrase) through a brute force attack on the WPS PIN. The 
vulnerability was reported by Stefan Viehböck and more details are 
available on the associated whitepaper. In reality, it acts as a "kind 
of backdoor" for Wi-Fi access points and routers.

The quick and immediate mitigation is based on disabling WPS. Your 
holiday gift for the people around you these days is to tell them to 
disable WPS.

End Quote.

Full diary entry at:


Chris Salter

More information about the ukcrypto mailing list