WPS Authentication in Some Wi-Fi Routers Vulnerable to Offline Attack

Terry Olaes

I Used to be the [H] News Guy
Joined
Nov 27, 2006
Messages
4,646
Weak randomization is the attack vector in a recent exploit of Wi-Fi Protected Setup (WPS). The article doesn't talk about remediation options but turning off WPS is probably one way to start.

Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.
 
WPS has been known to have security flaws for a long time.
 
Agreed. WPS has been insecure for so long now that I've forgotten it even exists. CFW has removed it for several years now.
 
Back
Top