Skip to main content

US-CERT Issues Warning About Current Wi-Fi Protected Setup Standard

The current Wi-Fi Protected Setup standard suffers from a major vulnerability that could eventually affect the security of hundreds of thousands of Wi-Fi access points and routers, according to an advisory issued by the US-CERT.

The WiFi Protected Setup standard is primarily aimed at limiting the number of attempts that mischievous elements could make using a brute force attack hacking technique.

According to US-CERT, the existing security mechanism returns a lot more information than needed about the rejected PIN entered by the attacker, however. The flaw, needless to say, eventually makes the pin quite weak.

The flaw was first noticed by Stefan Viehbock - a prominent security researcher who then reported it to the US-CERT. The problem, according to the agency, is capable of affecting a handful of products from different vendors like Netgear, D-Link, Buffalo and Linksys.

"When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct," read the advisory by US-CERT, ThreatPost reports.

"Also, the last digit of the PIN is known because it is a checksum for the PIN," it added.