Researcher finds vulnerability in WPS protocol, looks for manufacturers to offer fix

On the plus side, your router's mostly secure. Security researcher Stefan Viehbock has just discovered a major security hole which allowed him to use a brute force technique to access a WPS PIN-protected network in about two hours. According to Viehbock, a design flaw allows the WPS protocol's 8-digit PIN security to fall dramatically as additional attempts are made. With each attempt, the router will send a message stating whether the first four digits are correct while the last digit of the key is used as a checksum and then given out by the router in negotiation. As a result, the 100,000,000 possibilities that the WPS should represent becomes roughly to 11,000.

The US-CERT has picked up on this and advised users to disable WPS on their routers. Viehbock, in turn, claims to have attempted to discuss the vulnerability with hardware vendors such as Buffalo, D-Link, Linksys, and Netgear, but says he has been roundly ignored and that no public acknowledgement of the issue has been released. As a possible final step, Viehbock has promised to release a brute force tool soon, thereby pushing the manufacturers to work to resolve the issue. In other news, that evil supercomputer from the movie War Games just got a few more digits of the nuclear launch codes -- maybe one of Stefan's pals can look into that one.