Posts Tagged ‘WPS-enabled Wi-Fi routers’

A vulnerability in the WiFi Protected Setup in some wireless routers threatens to make it easier for attackers to gain access to the router via brute force, a tech site reported.

The Hacker News said security researcher Stefan Viehbock discovered the vulnerability and reported it to the US Computer Emergency Readiness Team (CERT).

“I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide” The Hacker News quoted Viehbock as saying. (http://thehackernews.com/2011/12/easy-router-pin-guessing-with-new-wifi.html).

For now, US-CERT said the only workaround is to disable WPS.

“Although the following will not mitigate this specific vulnerability, best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network,” it said.

The CERT also indicated affected vendors include:

Belkin, Inc.
Buffalo Inc.
D-Link Systems, Inc.
Linksys
Netgear, Inc.
Technicolor
TP-Link
ZyXEL

Story Source…
—————–