Two new tools exploit router security setup problem

The tools can be used to figure out the access code for many brands of wireless routers

Researchers have released two tools that can take advantage of a weakness in a system designed to let people easily secure their wireless routers.

One of the tools comes from security researcher Stefan Viehbock, who publicly released information this week on the vulnerability in the Wi-Fi Protected Setup (WPS) wireless standard.

The standard is intended to make it easier for non-technical people to password protect their routers to prevent unauthorized use and encrypt wireless traffic.

Most major router manufacturers use WPS, including products from Belkin, D-Link Systems, Cisco's Linksys, Netgear and others. It allows a user to enter an eight-digit random number often printed on the router by a device manufacturer to enable security. Another method supported by WPS involves pushing a physical button in the router.

The vulnerability, which was also uncovered by Craig Heffner of Tactical Network Solutions, involves how the router responds to incorrect PINs. When a PIN is entered, the router using WPS will indicate whether the first or second halves of the PIN are correct or not.

The problem means it is easier for attackers to try lots of combinations of PINs in order to find the right one, known as a brute-force attack. While determining an eight-digit PIN would normally take some 100 million tries, the vulnerability reduces the needed attempts to 11,000, according to Viehbock's research paper.

If an attacker has the PIN, it can then be used to figure out the router's password. Viehbock wrote on Thursday that his proof-of-concept tool is a bit faster than Reaver, a tool released by Heffner and Tactical Network Solutions. Both of the tools enable brute-force attacks.

Reaver is hosted on Google Code. Its authors say that it can recover a router's plain-text WPA or WPA2 password in four to 10 hours, depending on the access point. "In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase," according to a release note.

Many routers also do not limit the number of guesses for a PIN, which makes brute-force attack feasible, according to an advisory from the U.S. Computer Emergency Readiness Team (CERT). The organization wrote that it was unaware of a practical solution to the issue.

Heffner wrote that his company has been perfecting Reaver for nearly a year. Tactical Network Solutions decided to release the tool after the vulnerability was made public. It is also selling a commercial version with more features.

Users can disable WPS to prevent an attack, but Heffner wrote that most people do not turn it off.

"In our experience even security experts with otherwise secure configurations neglect to disable WPS," he wrote. "Further, some access points don't provide an option to disable WPS or don't actually disable WPS when the owner tells it to."

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Mobile

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?