Take browser passwords, for example. Everyone loves the convenience of not having to type in their user names and passwords whenever they go to log into their favorite websites. However, all a person needs is a minute or so of direct access to another's computer in order to pull up a list of said saved user names in the browser, snap a picture, and do the same for one's associated passwords.
And then there's WPS, or Wi-Fi Protected Setup, which allows people to connect devices up to their router merely by tapping a button on the router and inputting a special PIN number on the device.
Dominique Bongard, founder of Swiss IT security consulting firm 0xcite, has presented a means by which one's WPS PIN for one's router can be guessed much easier than the traditional way of going about it: a brute-force attack.
As Ars Technica reports, the exploit takes advantage of the randomization techniques employed by Broadcom and another unnamed chipset manufacturer. In the case of the former, the randomization implementation just isn't that good; in the case of the latter, the provided WPS code isn't very random at all.
Thus, an attacker doesn't even have to go through the slightly more laborious process of attempting to derive a WPS key from brute-force guesses. Said attacker only needs to verify the setup being used, perform some calculations, come up with the rules for the encryption method, and make a single guess at the WPS PIN.
"A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices. It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings," reads a statement from Wi-Fi Alliance spokeswoman Carol Carrubba, provided to Ars Technica. This isn't the first such exploit that's been uncovered for WPS. Stefan Viehböck published his technique in late 2011, one which greatly reduce the number of brute-force attempts needed to find a working WPS PIN. While router manufacturers can somewhat thwart this by implementing lock-out periods after a series of unsuccessful WPS fishing attempts, the exploit cuts the number of brute-force attempts needed from 100 million or so to a mere 11,000.
For someone with the right software (and a lot of free time), unsecured routers make for easy targets.
PCmag
No comments:
Post a Comment