HackersWireless passwords vulnerable to hackers, US-CERT warns

Published 6 January 2012

The U.S. government is warning wireless users that their home and business networks are highly vulnerable to hackers

The U.S. government is warning wireless users that their home and business networks are highly vulnerable to hackers.

Stefan Viehbock, a freelance cybersecurity researcher, recently discovered a major security flaw in wireless Internet routers that leaves them susceptible to brute force attacks.

In a brute force attack, hackers try every single password possibility until the right one is found. With an eight digit password, there are 100,000,000 possible combinations which could take years for a brute force attack to succeed.

But, according to Viehbock, hackers can exploit a design flaw in most common Wi-Fi Protected Setups (WPS) to crack an eight-digit pin in a matter of minutes.

With WPS, devices can present the first four digits of a pass and the router will determine if it is the correct combination. In addition, the last digit of the PIN is just a checksum, which means hackers only have to guess the remaining three digits to determine the correct PIN number.

Armed with this tactic, hackers no longer have to try 100,000,000 combinations but only 11,000 in a brute force attack, Viehbock found.

On his blog, Viehbock wrote that this flaw “affects millions of devices worldwide,” as most common wireless routers have WPS enabled by default.

The majority of routers that Viehbock tested including those made by Belkin, Buffalo, D-Link, Linksys, Netgear, Technicolor, and TP-Link did not have any defenses set up to prevent an individual from repeatedly entering the wrong password.

After Viehbock’s discovery of the flaw, U.S.CERT issued a security bulletin detailing the weaknesses of WPS.

A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the eight digit PIN is correct,” the agency wrote in its warning.

The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible,” the warning continued.

According to U.S.CERT once an attacker obtains a WPS PIN they can cause a denial of service or intercept email and steal credit card numbers and passwords.

The agency is “currently unaware of a practical solution to this problem” and recommends users disable WPS on their routers and instead use WPA2 encryption with a strong password to secure their networks.