Wi-Fi Protected Setup PIN Brute Force Vulnerability

HardOCP News

A researcher has discovered a security hole in WPS technology that affects millions of Wi-Fi routers around the world.

A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.
 
After the identification of the device's capabilities on both ends, a human trigger is to initiate the actual session of the protocol.

Reality check! The hacker listens from somewhere in the AP area for the unsuspecting network user to press the connect WPS button several hundred times.

This needs prompt attention? Yeah, sure. We'll get right back to you on that.
 
After the identification of the device's capabilities on both ends, a human trigger is to initiate the actual session of the protocol.

Reality check! The hacker listens from somewhere in the AP area for the unsuspecting network user to press the connect WPS button several hundred times.

This needs prompt attention? Yeah, sure. We'll get right back to you on that.

Which part of "External PIN" made you think "Push Button Connect"?
 
I'm no security guru but it seems that very often attempts to make security simpler end up having holes in them. For that reason I've always disabled WPS on my routers. I don't think anyone running in a secure environment would have it turned on.
 
I'm no security guru but it seems that very often attempts to make security simpler end up having holes in them. For that reason I've always disabled WPS on my routers. I don't think anyone running in a secure environment would have it turned on.

Yeah, don't know why this is a story. By design WPS is insecure. BUT, it is enabled by default on a number of routers so I guess 75% of users won't know to disable it. Just have to shake your head when you see that.
 
After the identification of the device's capabilities on both ends, a human trigger is to initiate the actual session of the protocol.

Reality check! The hacker listens from somewhere in the AP area for the unsuspecting network user to press the connect WPS button several hundred times.

This needs prompt attention? Yeah, sure. We'll get right back to you on that.

I think the point is that some of these routers don't need a human trigger and are always accepting input (probably not by design but the guy found a way around it).
 
I imagine this being added to the next release of Backtrack so all you white hats can test your own router...
 
I don't have the wireless for my router turned on, also my router only has the "push to connect" WPS. How's that for good security :p
 
Disable WPS, manually type in an SSID and WPA2 keyphrase. Problem solved.
 
Disable WPS, manually type in an SSID and WPA2 keyphrase. Problem solved.
This is really the correct answer. I do a slight variation though in that I find a PSK generator online to get a 63 character PSK that will be very hard to crack. I use cut and paste to put it in the router, and also save it to a text file. The text file is on a flash drive so no typing for me when I want to add devices to the network. I also have better security as long as the flash drive doesn't get lost.
 
So it seems that this is really only a problem for those who pull it directly out the box and plug it in letting it work?

Hopefully he releases the code soon, I'd like to peek around my neighborhood :D
 
This is really the correct answer. I do a slight variation though in that I find a PSK generator online to get a 63 character PSK that will be very hard to crack. I use cut and paste to put it in the router, and also save it to a text file. The text file is on a flash drive so no typing for me when I want to add devices to the network. I also have better security as long as the flash drive doesn't get lost.

Well and typing in the key (full of special characters probably) on a phone would be a pain in the ass.
 
Well and typing in the key (full of special characters probably) on a phone would be a pain in the ass.

A problem I'm having on my phone after setting everything up in LastPass.

then: "oh you allow 255 character passwords? here's 255 with high entropy."
now: "f7u12 this is going to take 10 minutes to type in"
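
Added example, not written by any poster in this thread: generating the WPA2 passphrase locally from the OS CSPRNG rather than an online generator, and sizing a lowercase-and-digits variant that is less painful to type on a phone. The function names and the two alphabets are choices made for this example.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
# Space is left out here because it is easy to lose when copying and pasting.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
PHONE_ALPHABET = string.ascii_lowercase + string.digits                    # 36 symbols


def generate_psk(length=63, alphabet=FULL_ALPHABET):
    """Return a random passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet):
    """Entropy of a uniformly random passphrase of this length."""
    return length * math.log2(len(set(alphabet)))


def length_for_bits(bits, alphabet):
    """Shortest length that reaches the requested entropy."""
    return math.ceil(bits / math.log2(len(set(alphabet))))


def derive_pmk(passphrase, ssid):
    """256-bit key WPA2-Personal derives: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    psk = generate_psk()
    print(psk, f"({entropy_bits(63, FULL_ALPHABET):.0f} bits)")
    # The derived key is 256 bits, so entropy beyond that buys nothing.
    n = length_for_bits(256, PHONE_ALPHABET)
    print(generate_psk(n, PHONE_ALPHABET), f"({n} chars, lowercase and digits only)")
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name.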
 