Researchers have released two tools that can be used to exploit a vulnerability in a protocol that makes it easier to set up secure home Wi-Fi networks.
Stefan Viehbock, who first reported the vulnerability to the U.S. Computer Emergency Readiness Team, released a tool that can crack a home Wi-Fi network in two hours. And Craig Heffner of Tactical Network Solutions, who had been working independently on figuring out the same vulnerability that Viebock reported to US-CERT, has also developed a tool that will allow hackers to gain access to some secure Wi-Fi networks in four to 10 hours. His tool called Reaver is hosted on Google Code.
The vulnerability itself is inherent in the Wi-Fi Protected Set-up protocol. This protocol, which is often bundled into Wi-Fi routers, is designed to allow unskilled home users to set up secure networks using WPA encryption without much hassle. Users are then able to type in a shortened PIN instead of a long pass-phrase when adding a new device to the secure network.
The problem is that when security PINs are entered for access to the network, the router actually lets the user know if has gotten the first or last numbers of the 8-digit code correct. The code that Viehbock and Heffner have written use a brute-force approach, which means different combinations of PINs are tried over and over until one is found that allows the hacker access. This can be done since most routers don’t limit the number of attempts on the passwords used to access the router.
Typically, it would take a hacker about 100 million tries to crack an eight digit code. But because the router indicates whether or not some digits are correct, that number drops to around 11,000 attempts before access can be gained, according to Viehbock’s research paper. Once an hacker figures out the PIN, it’s much easier to figure out the router’s password and gain access to the network.
The security flaw could affect millions of people with Wi-Fi routers in their homes and businesses, since the protocol is integrated into most new wireless routers sold today. The US-CERT warning named all the major wireless router brands: Buffalo, D-Link, Cisco Linksys, Netgear, Technicolor, TP-Link, and ZyXEL.
So far none of these companies have responded to the US-CERT warning with a fix, nor have they provided comment to the press on this situation. CNET reached out to each of these companies. Buffalo and Cisco representatives said they were looking into the issue, but they have still not officially responded.
Viehbock and Heffner say this is why they have published their tools, so that they could draw attention to the issue.
The fix right now is that users can disable the WPS set-up on their routers.