Wi-Fi password – “one second” hack allows attackers into many routers

A push-button function on many wireless routers designed to bypass the Wi-Fi password and provide quick access to the network could allow attackers to break in in just “one second”, reports have claimed. The Wi-Fi password flaw was found by Swiss security firm Oxcite, and allows hackers to bypass the security of Wi-Fi Protected Setup almost instantly, according to Engadget’s report. Rather than making thousands of guesses at the PIN code, the attackers make one guess, based on offline calculations. “It takes one second,” Dominique Brongard of Oxcite said. “It’s nothing. Bang. Done.”

Wi-Fi password: “It takes one second”

The attack is the latest in a series of weaknesses uncovered in popular models of routers – and affects routers using a chipset made by Broadcom and another , as yet unnamed, manufacturer. In both cases Oxcite claims, it would take roughly “one second” to guess the hotspot’s PIN code. The attack relies on poorly generated “random” numbers, and is not inherent to WPS itself, just the (as yet undisclosed) router models. The researchers believe, however, that the Wi-Fi password security flaw is relatively common, and advise users to switch off the WPS function (done from any router’s set-up page) until the problem is known to be solved. Research has shown that many popular router models ship with known Wi-Fi password vulnerabilities among others, which activist group Electronic Frontier Foundation attributes to the relatively low price of the devices, and the difficulty of budgeting for proper security updates. A We Live Security guide to keeping small-office and home routers as secure as possible can be found here.

“It’s nothing. Bang. Done.”

The Wi-Fi alliance said, speaking to Ars Technica, “A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices.” “It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings.”

Author , We Live Security

  • Robert.Walter

    I have purchased, and recommended for purchase, several variants of the Apple Airport router line.

    Regarding the recommendation above: “advise users to switch off the WPS function (done from any router’s set-up page) until…”, I know of no way to disable WPS Printer set-up on these devices as the Airport Utility app doesn’t offer this function.

    So unless these devices automatically turn off this function, or mitigate against this in some unknown/unobvious way, it seems currently impossible to eliminate this vulnerability.

    • dontcare

      It doesn’t effect all routers that have WPS, just “select models”.

      >”is not inherent to WPS itself, just the (as yet undisclosed) router models.”

      That said, WPS is inherently insecure since there are only 10,000 combinations and it’s super trivial to run through that many using tools like aircrack-ng. Super, super trivial. Not this trivial (one second) but less than an hour with a crappy netbook.

      However, you don’t need to worry about WPS printer setup, that’s for a subrouting feature in Airport routers _specifically_ for printing, it wouldn’t allow anyone access to the rest of your network, and it wouldn’t allow them to speak directly to your printer however they want (like they could if they had access to the network and the printer had a JetDirect card), instead you can pass instructions from your print spool to the router, which then feeds them to the printer (but only if they’re valid) so you’re safe on that front.

      • Corn Holio

        Erm, not true. As now nearly all routers will time out for a period upon recieving 3 rapid WPS requests so aircrack, reaver / pro etc are now almost useless against any modern routers.

        • dave

          reaver has options to insert a delay between guesses or to sleep for a period of time after a user specified number of guesses. this helps with this timeout issue.

Follow us

Copyright © 2017 ESET, All Rights Reserved.