Thread: Wi-Fi: a vulnerability discovered in the WPS routers

A vulnerability has been discovered in the WPS - for Wi-Fi Protected Set-Up - present in many routers and access points, wireless. The WPS is a technology that allows to easily connect a computer as well as other Wi-Fi devices to a router without having to enter the PIN each time the unit. A touch of dedicated buttons simultaneously on the router and the device. It is also possible to connect using a simple 8-digit PIN.

8 With these figures, 100 million combinations are possible in theory allowing to offer a good level of security. Yes but now, an American researcher, Stefan Viehbock, just discovered that the WPS system with its 8-digit code has a design flaw.



In fact if the code sent to the router for the connection is wrong, the router will return an error message containing more information. They point especially if the first 4 digits entered are good or not but said the last correct digit code. This flaw can drastically reduce the time required for a brute-force attack to be executed. Because thanks to data provided directly by the router, it drops to only 11 000 possible combinations.

So just then to launch a program for decrypting passwords to break in less than two hours the protection of a router according to WPS Stefan Viehbock who developed a Python tool for this purpose. For now, no solution has been found to overcome this vulnerability. Meanwhile, it is recommended that users disable the WPS routers.