AllInfo

Vulnerability discovered in WPS specification

Security researcher Stefan Viehböck has discovered a dangerous security hole in the WPS specification that allows attackers to gain access to an access point using a brute-force method.

With WPS, pressing a button on the access point and on the device that wants access is enough to connect the two to each other. A client can also connect to the access point by means of a PIN code. According to Viehböck, the discovered vulnerability lies precisely in the authorization process for this PIN code. It is said to be a design flaw in the WPS specification. CERT has issued a Vulnerability Note as a result of the vulnerability.

The paper that Viehböck has written about the WPS vulnerability states that the problem lies in the EAP-NACK message that the access point sends to the client. From this message it can be deduced whether the first half of the PIN code is correct. Because the last digit of the PIN code is a checksum of the first seven digits, it turns out that a maximum of 11,000 attempts are needed to find the correct PIN code by brute force.

All major vendors of routers and access points, such as Cisco/Linksys, Netgear, D-Link, Belkin and Zyxel, supply WPS-compatible devices, and a large proportion of them have WPS enabled by default. As long as there is no limit on the number of login attempts, an attacker needs at most four hours to try all PIN combinations.

Applying a so-called lock-down after a number of failed login attempts lengthens the time it takes before the vulnerability can be exploited. Increasing the lock-down time in particular makes things harder for the attacker. For example, a lock-down after five failed attempts with a lock-down time of sixty minutes would mean that a PIN code is cracked after at most 92 days. According to Viehböck, the best protection is to deactivate the WPS functionality of access points.
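The figures above can be reproduced with a small model that also lets an administrator compare lock-down policies. This is an added example, not code from Viehböck's paper: the per-attempt time is derived from the article's four-hour figure, and the lock-down accounting (a lock-down after every N failures, with the final guess succeeding) and the extra policy rows are assumptions.

```python
from datetime import timedelta

PIN_DIGITS = 8         # per the article: seven digits plus one checksum digit
FIRST_HALF_DIGITS = 4  # the EAP-NACK reveals whether this half is correct


def worst_case_attempts(split_halves: bool, checksum: bool) -> int:
    """Upper bound on the guesses needed to find the PIN."""
    free_digits = PIN_DIGITS - (1 if checksum else 0)
    if not split_halves:
        return 10 ** free_digits
    # Each half is confirmed on its own, so the two searches add up
    # instead of multiplying.
    second_half_free = free_digits - FIRST_HALF_DIGITS
    return 10 ** FIRST_HALF_DIGITS + 10 ** second_half_free


def worst_case_duration(attempts, secs_per_attempt, lock_after=None, lock_secs=0):
    """Time to exhaust `attempts` guesses under an optional lock-down policy."""
    guessing = attempts * secs_per_attempt
    if not lock_after:
        return timedelta(seconds=guessing)
    # Assumption: a lock-down follows every `lock_after` failures and the
    # final guess succeeds, so it triggers no further lock-down.
    lockdowns = (attempts - 1) // lock_after
    return timedelta(seconds=guessing + lockdowns * lock_secs)


# Per-attempt time implied by the article: 11,000 attempts in four hours.
SECS_PER_ATTEMPT = 4 * 3600 / 11_000

# (failures before lock-down, lock-down seconds). Only the 5 / 60 min row
# comes from the article; the other rows are constructed for comparison.
POLICIES = [(None, 0), (5, 3600), (3, 3600), (5, 24 * 3600)]


def policy_table():
    """Worst-case exhaustion time of the reduced PIN space for each policy."""
    n = worst_case_attempts(split_halves=True, checksum=True)
    return [(la, ls, worst_case_duration(n, SECS_PER_ATTEMPT, la, ls))
            for la, ls in POLICIES]


if __name__ == "__main__":
    print("no split, with checksum:", worst_case_attempts(False, True))
    print("split, with checksum   :", worst_case_attempts(True, True))
    for lock_after, lock_secs, duration in policy_table():
        days = duration.total_seconds() / 86400
        print(f"lock after {lock_after}, {lock_secs}s lock-down: {days:.1f} days")
```

Even the strictest row only delays exhaustion of an 11,000-guess space, which is why the article's closing advice is to turn WPS off rather than rely on lock-down alone.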
