Skip to content

Brute force hacking – But why do I have to disable the WPS pin on my home router?

04/01/2013

WPS – What is it?

All routers since 2007, have Wifi Protected Setup [WPS] in order to be certified.  WPS is often a push button on your router – or it may be printed on the bottom of your router.

See the DLink WPS PIN listed.

wps 1

The problem is that the PIN, is divided into two halves – which makes it easy to hack.

The attacker can work on each half of the PIN – to crack the code

wps2

wps 1st half pin

Time to crack

Normally it’s stated that cracking would take between 2 and 10 hours.

The longest I’ve seen anyone take – was 3 hours.

The router literally will hand the hacker your router PIN.

And then they can connect, and download.  They can even disconnect your home pc, and block you out of your own router, as they download child porn.

wps 2nd half pin

Basically, it’s your router, your network, your ISP, but it’s under the attackers control.

Mitigation

Turn off WPS – if you can.

wps mitigation

How I cracked my neighbor’s WiFi password without breaking a sweat

wps pin

Wifi Protected Setup – Routers from 2007

wps defined

References:

https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

WPS Flaw Vulnerable Devices – List of Router Models and whether vulnerable to WPS attacks

https://uwnthesis.wordpress.com/2013/07/21/wps-flaw-vulnerable-devices/

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 119 other followers

%d bloggers like this: