Many different wireless access point models are affected.
Wireless access points with a feature called "Wi-Fi Protected Setup" (or WPS) could allow an attacker to gain access to your wireless network.
Update Firmware
Check your access point vendor's support web site for updated firmware that addresses this vulnerability.
Disable WPS
Depending on the model, you may be able to disable WPS on your access point using the web management site. Note that some access points do not actually disable WPS even though it appears to be disabled in the web management site.
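One way to check the caveat above from the outside, as an added example that is not part of the original alert: parse the information elements from the access point's beacon or probe response and look for the WPS vendor element. The element layout (tag 221, OUI 00:50:F2 type 4, TLV attributes) is the standard WPS encoding; the function names and sample bytes are constructed for illustration, and capturing the frame is assumed to be done with a separate tool.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # OUI 00:50:F2, type 4 = WPS
ATTR_WPS_STATE = 0x1044        # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057  # 1 = AP has locked out external registrars

def iter_ies(tagged):
    """Yield (tag, payload) for each 802.11 information element."""
    pos = 0
    while pos + 2 <= len(tagged):
        tag, length = tagged[pos], tagged[pos + 1]
        payload = tagged[pos + 2:pos + 2 + length]
        if len(payload) < length:  # truncated element: stop parsing
            return
        yield tag, payload
        pos += 2 + length

def parse_wps_attrs(body):
    """Parse WPS TLVs: 2-byte type, 2-byte length, both big-endian."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4:pos + 4 + alen]
        if len(value) < alen:  # truncated attribute: keep what was parsed
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(tagged):
    """Return None if no WPS element is advertised, else a summary dict."""
    for tag, payload in iter_ies(tagged):
        if tag == 221 and payload[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(payload[4:])
            return {
                "advertised": True,
                "configured": attrs.get(ATTR_WPS_STATE) == b"\x02",
                "setup_locked": attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01",
            }
    return None

# Constructed samples: an SSID element, then (for the first) a WPS element.
SSID_IE = bytes([0, 7]) + b"example"
WPS_BODY = bytes.fromhex("104a000110" "1044000102")  # version 0x10, state 2
BEACON_WPS_ON = SSID_IE + bytes([221, 4 + len(WPS_BODY)]) + WPS_OUI_TYPE + WPS_BODY
BEACON_WPS_OFF = SSID_IE

if __name__ == "__main__":
    print(wps_status(BEACON_WPS_ON))
    print(wps_status(BEACON_WPS_OFF))
```

An access point that still returns a WPS element after the feature was switched off in the web management site is still advertising WPS and should be treated as not disabled.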
Wireless access points with a feature called "Wi-Fi Protected Setup" (or WPS) have a vulnerability that could allow an attacker to guess your access point's WPS Personal Identification Number (PIN) in a reasonable amount of time.
Software that performs this attack is freely available. An attacker would need to be within range of your wireless network for several hours or more to conduct the attack.
With the WPS PIN, the attacker could gain access to your wireless network. The attacker then may be able to observe your network traffic and mount further attacks.
- Vulnerability Note VU#723755 - <http://www.kb.cert.org/vuls/id/723755>
- Wi-Fi Protected Setup PIN brute force vulnerability - <http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/>
- Cracking WiFi Protected Setup with Reaver - <http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html>
Feedback can be directed to US-CERT.
Produced 2012 by US-CERT, a government organization.
January 06, 2012: Initial release