WiFi Protected Standard vulnerability – Cracked, Bruteforced and Documented
A new critical flaw in Wi-Fi Protected Standard (WPS) has recently been uncovered by security researcher Stefan Viehböck that leaves wireless routers open to attack. The vulnerability lies in the protocol design, which splits the 8-digit PIN into two halves; this reduces its complexity and hence the time required to crack it. An 8-digit PIN has 100 million possible combinations, and during his testing Stefan found it takes 2 seconds to test each combination, so brute-forcing the whole PIN was not a feasible option.
Unfortunately, after the first 4 digits of a PIN are entered, the protocol used by WPS confirms whether they are correct, which means the two halves can be attacked separately. Also, the remaining 4 digits are just a checksum, so an attacker who has the first 4 digits has to try only ~1000 combinations to crack it open. That brings the total to 11000 different combinations to reach the correct PIN, which reduces the attack time to a matter of hours. You can find the documented PDF here and read the awesomeness.
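The keyspace arithmetic above, as an added example (not code from the original post or from Viehböck's paper): it uses the WPS checksum rule, in which the eighth digit is computed from the first seven, to confirm the 1,000 second-half candidates, then estimates worst-case time at the post's 2 seconds per attempt. The lock-out parameters (`lock_after`, `lock_seconds`) and all function names are hypothetical, included to show how rate limiting on the router stretches the estimate.

```python
# Added example: checks the 11,000-combination figure and the time estimates.

def wps_checksum(first7: int) -> int:
    """Eighth PIN digit, derived from the first seven (WPS checksum rule)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions (from the right) weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def second_half_candidates(first_half: str) -> list:
    """Every second half that passes the checksum once the first half is known."""
    return [f"{mid:03d}{wps_checksum(int(first_half) * 1000 + mid)}"
            for mid in range(1000)]


NAIVE_TRIES = 10**8            # PIN checked as a whole: 100 million
SPLIT_TRIES = 10**4 + 10**3    # halves confirmed separately: 11,000


def worst_case_seconds(tries, per_try=2.0, lock_after=None, lock_seconds=0.0):
    """Worst-case duration; optional lock-out model is a hypothetical policy."""
    total = tries * per_try
    if lock_after:
        # One pause of lock_seconds after every lock_after attempts.
        total += (tries // lock_after) * lock_seconds
    return total


if __name__ == "__main__":
    print("valid second halves for first half 1234:",
          len(set(second_half_candidates("1234"))))
    print("whole-PIN search, years:",
          round(worst_case_seconds(NAIVE_TRIES) / 86400 / 365, 1))
    print("split search, hours:",
          round(worst_case_seconds(SPLIT_TRIES) / 3600, 1))
    # Constructed policy: 60 s lock-out after every 3 attempts.
    print("split search with lock-out, hours:",
          round(worst_case_seconds(SPLIT_TRIES, lock_after=3, lock_seconds=60) / 3600, 1))
```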
I guess router manufacturers are up for a software fix; till then, I guess we all have to go back to MAC address.