Security researcher Stefan Viehbock discovered the flaw in the Wi-Fi Protected Setup (WPS), a computing standard developed by the Wi-Fi Alliance and used in the majority of wireless home routers sold today, according to US-CERT. Manufacturers affected include Belkin, Buffalo, D-Link Systems, Cisco division Linksys, Netgear, Technicolor, TP-Link and ZyXEL.
WPS provides an easy method for non-technical people to set up an eight-digit personal identification number that's needed to connect a device to a home network. The vulnerability makes the WPS susceptible to a brute-force attack, which is when a hacker systematically checks all possible number combinations to find the right one.
When the first attempt fails, the router sends back a response in such a way that the attacker will be able to determine the first half of the PIN. This greatly reduces the amount of time needed to complete the number sequence, US-CERT reported Tuesday.
Viehbock discovered the flaw after noticing "a few really bad design decisions" in the WPS. "As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide," he said in his blog.
US-CERT said the only workaround for the flaw was to disable the WPS. The organization also recommended using WPA2 encryption with a strong password, disabling Universal Plug and Play, which lets any supporting device connect to a network, and enable Media Access Control address filtering, so only trusted devices can access the network.
US-CERT is part of the National Cyber Security Division of the U.S. Department of Homeland Security. The organization is a partnership between Homeland Security and the private and public sectors.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

EPOS
EPOS

Fujifilm
Fujifilm

Dell Technologies
Dell Technologies Storage Learning Center

Mimecast
Mimecast

Carbonite
Cloud Storage 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Dell Technologies
Dell Technologies Cloud Learning Center

Tenable
Cyber Risk 360

Webroot
Webroot Learning Center

NPD
Industry Trends 360

BlackBerry
BlackBerry Learning Center

Symantec
Symantec Business Security Learning Center

Sherweb
Sherweb

Acer
Remote Workforce 360

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

StorageCraft
Disaster Recovery Learning Center

Vertiv
Edge Computing Learning Center

Wasabi
Wasabi

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Cradlepoint
5g for Business 360

Comm100
Collaboration & Communications 360

Veeam
Veeam

Smart 3rd Party
3rd Party Maintenance 360

Sophos
Sophos Cybersecurity Learning Center

Trend Micro
Trend Micro Learning Center

VMware

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360

Comcast Business
Comcast Business Learning Center
