Sunday August 31, 2014

WPS Authentication in Some Wi-Fi Routers Vulnerable to Offline Attack

Weak randomization is the attack vector in a recent exploit of Wi-Fi Protected Setup (WPS). The article doesn't talk about remediation options but turning off WPS is probably one way to start.

Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.