Austrian information security student and researcher Stefan Viehböck recently discovered a design flaw in WiFi Protected Setup (WPS) that can allow attackers easy access to wireless network devices. WiFi Protected Setup is a standard designed to allow easy setup of wireless home networks. It is included in many wireless devices, including those by Cisco/Linksys, Netgear, D-Link, and Belkin. Created by the Wi-Fi Alliance, its goal is to let home users who know little about wireless security set up a network, and to make it easy to add new devices to an existing network without entering long passphrases. The standard allows users to enter an 8-digit PIN to sync the router and the device being added to the network.
The flaw lies in how a wrong PIN is handled: when an incorrect 8-digit PIN is rejected, additional information is returned with the rejection, which makes it possible to adjust subsequent requests so that brute-forcing the PIN becomes much faster. Viehböck wrote a brute-force tool and used it against several brands of routers. It took him an average of two hours to access the WiFi Protected Setup PIN-protected network. He advises users to deactivate WPS to mitigate the flaw. For the full report, see his paper.



