Security researchers have come up with two new security tools that cover up the vulnerability in Wi-Fi Protected Setup (WPS) wireless standard.
Two security researchers, namely Stefan Viehbock and Craig Heffner, have come up with tools that would help users to further ensure the security of their routers with Wi-Fi Protected Setup (WPS) wireless standard. Wi-Fi Protected Setup (WPS) wireless standard is developed for making it relatively easier to all non-technical users to protect their Wi-Fi routes using passwords. This is to ensure that no unauthorized usage is possible and wireless traffic is encrypted.
Majority of the router manufacturing companies, such as Belkin, D-Link Systems, Linksys, NETGEAR, and others, use WPS to let the users enable security for their routers. This is done by two ways. The first one is by entering the eight-digit code that is provided by the router company. The code is mostly printed on the router. The second way is by physically switching on a button present on the router.
The vulnerability, found by the two researchers, is about the response of the router to the wrong PINs entered. Whenever a PIN is entered, the WPS enabled router specifies if the first or the second half of the PIN is correct. This helps an attacker to figure out the wrong part of the PIN and then he can continue trying his luck by entering a lot of combinations. Slowly, he will be headed towards a correct PIN. This is known as brute force attack.
It is worth mentioning over here that to try finding out an eight-digit PIN, some 100 million trials would be required. But this vulnerability cuts down the required number of attempts to a mere 11,000 (as mentioned in Viehbock's research paper).
The vulnerability was first discovered by Craig Heffner independently. However, Stefan Viehbock was the first to report the vulnerability and release about its info publicly. Craig Heffner has come up with Reaver tool, which is available at Google Code. Stefan’s PoC Brute Force Tool can be found here.