Flaw lets hackers break your WiFi router's security with one guess

Typically, attacks against your WiFi router require a lengthy attempt to guess any codes and passwords. Not if you use 0xcite's new technique, however; the research firm has detailed a flaw in some router chipsets that lets hackers bypass the push-button security of WiFi Protected Setup (WPS) almost instantly. Instead of trying to guess a hotspot's PIN code, which can take hours, you simply take a single shot based on a series of offline calculations. Once you're ready to attack, it takes roughly "one second" to get in.

The vulnerability isn't present in every router, but 0xcite believes that it's in relatively common chipsets from both Broadcom and another, unnamed company that's scrambling to implement a fix. The Wi-Fi Alliance, for its part, tells Ars Technica that the flaw likely stems from how companies implement wireless networking, rather than anything inherent to how the technology works. Whatever the root cause may be, the easiest way to protect against this exploit right now is to turn WPS off -- not a big problem if you're comfortable with a router setup page, but probably more of a hassle than you'd like.
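To confirm that turning WPS off actually took effect, you can check whether your router's beacon still carries the WPS information element. The sketch below is an added example, not code from 0xcite or from this article; it parses a beacon's tagged parameters using the element and attribute IDs from the Wi-Fi Simple Configuration spec, and the sample bytes are constructed rather than captured.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_STATE, ATTR_LOCKED = 0x1044, 0x1057   # WSC attribute IDs
STATE_NAMES = {1: "unconfigured", 2: "configured"}

def iter_ies(buf):
    """Yield (element_id, payload) for each 802.11 information element."""
    i = 0
    while i + 2 <= len(buf):
        eid, length = buf[i], buf[i + 1]
        payload = buf[i + 2:i + 2 + length]
        if len(payload) < length:      # truncated element: stop, don't guess
            return
        yield eid, payload
        i += 2 + length

def iter_wsc_attrs(buf):
    """Yield (type, value) for each big-endian 2+2 byte TLV inside a WPS IE."""
    i = 0
    while i + 4 <= len(buf):
        atype, alen = struct.unpack_from(">HH", buf, i)
        value = buf[i + 4:i + 4 + alen]
        if len(value) < alen:
            return
        yield atype, value
        i += 4 + alen

def wps_status(ies):
    """Return None if no WPS IE is advertised, else its state and lock flag."""
    for eid, payload in iter_ies(ies):
        if eid == 221 and payload[:4] == WPS_OUI_TYPE:
            attrs = dict(iter_wsc_attrs(payload[4:]))
            state = (attrs.get(ATTR_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_LOCKED) or b"\x00")[0] == 1
            return {"state": STATE_NAMES.get(state, "unknown"), "locked": locked}
    return None

# Constructed samples (not captured traffic): SSID IE, WMM vendor IE, WPS IE.
SSID = bytes.fromhex("0006") + b"homeap"
WMM = bytes.fromhex("dd070050f202000100")
WPS_ON = bytes.fromhex("dd13" "0050f204" "104a000110" "1044000102" "1057000101")
BEFORE = SSID + WMM + WPS_ON     # AP still advertising WPS
AFTER = SSID + WMM               # same AP once WPS has been turned off

if __name__ == "__main__":
    print("before:", wps_status(BEFORE))
    print("after: ", wps_status(AFTER))
```

A result of `None` for your own access point's beacon means it no longer advertises WPS; some routers keep WPS active after the setting is toggled in the setup page, so the beacon is worth checking.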

Offline bruteforce attack on WiFi Protected Setup from 0xcite