The Wi-Fi Protected Setup (WPS) standard came under fire earlier this week after a security researcher found that WPS security PINs can be cracked much more quickly than previously thought by dividing the PIN into two separate four-digit codes.
Researcher Stefan Viehbock said he might use the discovery to create a hacking tool that he would make available to others, but it turns out there is at least one WPS hacking tool already available: Reaver from Tactical Network Solutions. TNS has been using Reaver itself for a year, but decided to make it available to the open source community after Viehbock made his own discovery public.
TNS claims that Reaver takes between four and 10 hours to breach a WPS PIN. Ars Technica decided to put the tool to the test, and found that it broke through WPS on a residential Linksys 802.11g router in just over six hours.
Many Wi-Fi access points now have WPS enabled by default to allow easier setup of Wi-Fi Protected Access security. It can be turned off on some routers, which some observers are now suggesting as an interim measure to avoid a WPS hack. However, the Ars Technica reporter found this didn't stop Reaver from breaching the access point because the capability apparently couldn't be turned off manually.
Many businesses may have something better than an older model 802.11g access point, though small businesses very well could be using models similar to the one Ars Technica broke into. If that is the case, it might be time to upgrade, and to plan on using WPA2 for protection. If panic starts to grow around the WPS vulnerability, the industry and consumers are going to start looking to the Wi-Fi Alliance for guidance on what to do about a standard that was supposed to make things easier for customers, not crooks.
- read this Ars Technica post
- Viehbock's discovery prompted a CERT warning
- The Wi-Fi Alliance launched WPS in 2007