Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
Chris Salter
ukcrypto at originalthinktank.org.uk
Fri Dec 30 11:58:15 GMT 2011
Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability.
Internet Storm Center (ISC) Diary.
Opening Paragraphs:
Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 -
available since January 2007) designed to ease the process of securely
setup Wi-Fi devices and networks. A couple of days ago US-CERT released
a new vulnerability note, VU#723755, that allows an attacker to get full
access to a Wi-Fi network (such as retrieving your ultra long secret
WPA2 passphrase) through a brute force attack on the WPS PIN. The
vulnerability was reported by Stefan Viehböck and more details are
available on the associated whitepaper. In reality, it acts as a "kind
of backdoor" for Wi-Fi access points and routers.
The quick and immediate mitigation is based on disabling WPS. Your
holiday gift for the people around you these days is to tell them to
disable WPS.
End Quote.
Full diary entry at:
http://isc.sans.edu/diary.html?storyid=12292&rss
or
http://preview.tinyurl.com/cr8qq8d
--
Chris Salter
http://www.originalthinktank.org.uk/
http://www.post-polio.org.uk/
More information about the ukcrypto
mailing list