Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom HPE Zone Masergy Zenith Partner Program Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

US-CERT Warns Of Security Flaw In Wireless Routers

The vulnerability makes it possible for a hacker to infiltrate a network by cracking its password.

Security researcher Stefan Viehbock discovered the flaw in the Wi-Fi Protected Setup (WPS), a computing standard developed by the Wi-Fi Alliance and used in the majority of wireless home routers sold today, according to US-CERT. Manufacturers affected include Belkin, Buffalo, D-Link Systems, Cisco division Linksys, Netgear, Technicolor, TP-Link and ZyXEL.

WPS provides an easy method for non-technical people to set up an eight-digit personal identification number that's needed to connect a device to a home network. The vulnerability makes the WPS susceptible to a brute-force attack, which is when a hacker systematically checks all possible number combinations to find the right one.

When the first attempt fails, the router sends back a response in such a way that the attacker will be able to determine the first half of the PIN. This greatly reduces the amount of time needed to complete the number sequence, US-CERT reported Tuesday.

Viehbock discovered the flaw after noticing "a few really bad design decisions" in the WPS. "As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide," he said in his blog.

US-CERT said the only workaround for the flaw was to disable the WPS. The organization also recommended using WPA2 encryption with a strong password, disabling Universal Plug and Play, which lets any supporting device connect to a network, and enable Media Access Control address filtering, so only trusted devices can access the network.

US-CERT is part of the National Cyber Security Division of the U.S. Department of Homeland Security. The organization is a partnership between Homeland Security and the private and public sectors.

Back to Top



trending stories

sponsored resources