Following the availability of at least one tool that could be used to breach Wi-Fi Protected Setup (WPS) security PINs, Cisco Systems has issued a warning for users with a list of potentially vulnerable Cisco Wi-Fi products, and advice that WPS be disabled on these products.
It was first reported during the final week of 2011 that a security flaw in the design of WPS could allow a hacking tool to divide an eight-digit WPS PIN into two separate four-digit PINs that could be more easily cracked. The discovery led the U.S. Computer Emergency Response Team to issue a warning on the matter, but around the same time, a company called Tactical Network Solutions released a hacking tool, Reaver, for download, which the company said could exploit the WPS vulnerability.
The Cisco warning issued Monday is one of the first to come out of a major vendor and list the products that could be vulnerable to Reaver attacks. Notably, however, it does not list products such as the Cisco Valet from the company's Linksys business unit.
In its warning, Cisco said that many of its Wi-Fi products employ a feature in the WPS 1.0 standard that causes a 60-second lockout after three unsuccessful attempts to authenticate a device requesting access. Though this could slow down an attack, Cisco said "this does not substantially mitigate this issue, as it only increases the time to exploit the protocol weakness from a few hours to at most several days."
Therefore Cisco has advised that the WPS feature be disabled altogether to prevent potential attacks. This has been the common advice from experts since the security flaw was discovered, though there have been reports that in some cases the WPS feature of an access point under attack would continue to respond to the attack even after WPS had been disabled. Cisco said in its warning that it has verified that the products listed do allow the WPS feature to be disabled into an unresponsive state.
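The arithmetic behind Cisco's "a few hours to at most several days" statement can be checked with a small model. This is an added example, not code from Cisco or from the article; the one-second cost per guess is an assumption, while the split into two four-digit halves and the 60-second lockout after three failures come from the text above.

```python
import math

def search_space(digits_per_part):
    """Worst-case guesses when each part of the PIN is confirmed on its own."""
    return sum(10 ** d for d in digits_per_part)

def worst_case_seconds(guesses, secs_per_guess, lock_after=None, lock_secs=0):
    """Worst-case time to exhaust the space under an optional lockout policy."""
    total = guesses * secs_per_guess
    if lock_after:
        # The last guess is the correct one, so only earlier failures lock out.
        total += ((guesses - 1) // lock_after) * lock_secs
    return total

def lockout_needed(guesses, secs_per_guess, lock_after, target_secs):
    """Smallest whole-second lockout that pushes the worst case to target_secs."""
    lockouts = (guesses - 1) // lock_after
    remaining = target_secs - guesses * secs_per_guess
    return max(0, math.ceil(remaining / lockouts))

SECS_PER_GUESS = 1.0            # assumption: one PIN exchange per second
SPLIT = search_space([4, 4])    # halves checked separately: 20,000 guesses
WHOLE = search_space([8])       # PIN checked as one value: 100,000,000 guesses
YEAR = 365 * 86400

if __name__ == "__main__":
    no_lock = worst_case_seconds(SPLIT, SECS_PER_GUESS)
    wps_lock = worst_case_seconds(SPLIT, SECS_PER_GUESS, 3, 60)
    whole_lock = worst_case_seconds(WHOLE, SECS_PER_GUESS, 3, 60)
    print(f"split PIN, no lockout : {no_lock / 3600:.1f} hours")
    print(f"split PIN, 3 tries/60s: {wps_lock / 86400:.1f} days")
    print(f"whole PIN, 3 tries/60s: {whole_lock / YEAR:.1f} years")
    need = lockout_needed(SPLIT, SECS_PER_GUESS, 3, YEAR)
    print(f"lockout for a one-year worst case on the split PIN: {need} s")
```

Under these assumptions the lockout moves the worst case from about 5.6 hours to about 4.9 days, while the same lockout applied to an undivided eight-digit PIN would give decades; the weakness is the split validation, which is why disabling WPS is the advice rather than tuning the lockout.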