Researchers find new vulnerability in WPS function of routers
Security researchers have found a method to crack the WPS code of certain routers. The code can be 'guessed' through a number of calculations. WPS had previously been shown to be susceptible to a brute-force attack.
The vulnerability was discovered by Swiss security firm 0xcite, Ars Technica reports. Chipsets from Broadcom and from a second, unnamed company are said to be susceptible because of their own implementations of the WPS protocol. The Wi-Fi Alliance said in a response that the vulnerability is not in the Wi-Fi protocol itself. However, because many router manufacturers use the implementation supplied by the chip manufacturers, many products are vulnerable. It is not clear which routers are affected.
According to the security researchers, the vulnerability stems from poor randomization of generated numbers in some WPS implementations. As a result, the WPS code can be 'guessed' with a series of calculations. According to the discoverers, it takes only one second to retrieve the WPS code.
The WPS protocol has previously been shown to be susceptible to brute-force attacks because there is no maximum number of attempts to guess the code, and because a security researcher discovered that the required PIN code is split into two pieces that can be attacked separately. As a result, only 11,000 attempts are needed to retrieve the code, something that takes several hours. That vulnerability has been known since 2011.
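The effect of the split PIN and the missing attempt limit can be shown with a small in-memory model. This is an added example, not code from the article or the researchers; `Verifier`, `make_pin` and `guesses_needed` are hypothetical names, and the model assumes the standard WPS PIN layout in which the eighth digit is a check digit, a detail the article does not spell out.

```python
# Added illustration: in-memory model only, no network or Wi-Fi code.

def checksum(first7: int) -> int:
    """Check digit over the first seven PIN digits (WPS PIN format)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def make_pin(a: int, b: int) -> str:
    """8-digit PIN: 4-digit first half, 3 free digits, 1 check digit."""
    body = f"{a:04d}{b:03d}"
    return body + str(checksum(int(body)))

class Verifier:
    """Hypothetical verifier that reveals which half of the PIN was wrong."""
    def __init__(self, pin, max_failures=None):
        self.pin, self.max_failures, self.failures = pin, max_failures, 0

    def check(self, guess):
        if self.max_failures is not None and self.failures >= self.max_failures:
            return "locked"          # mitigation: cap on failed attempts
        if guess == self.pin:
            return "ok"
        self.failures += 1
        return "first_wrong" if guess[:4] != self.pin[:4] else "second_wrong"

def guesses_needed(verifier):
    """Return (recovered PIN or None, guesses that received a verdict)."""
    attempts, first = 0, None
    for a in range(10_000):          # at most 10^4 first halves
        verdict = verifier.check(make_pin(a, 0))
        if verdict == "locked":
            return None, attempts
        attempts += 1
        if verdict == "ok":
            return make_pin(a, 0), attempts
        if verdict == "second_wrong":
            first = a
            break
    for b in range(1, 1_000):        # at most 10^3 second halves
        verdict = verifier.check(make_pin(first, b))
        if verdict == "locked":
            return None, attempts
        attempts += 1
        if verdict == "ok":
            return make_pin(first, b), attempts
    return None, attempts

WORST = make_pin(9999, 999)          # constructed sample PIN, worst case
```

Without a failure cap the worst-case PIN falls within the roughly 11,000 guesses the article cites; a verifier that only answered pass or fail for the whole PIN would leave 10^7 candidates, and a cap on failures stops the search after a handful of guesses.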