Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom Ingram Micro ONE 2019 News Juniper NXTWORK 2019 News Lenovo Newsroom Lexmark Newsroom NetApp Data Fabric NetApp Insight 2019 News Cisco Live Newsroom HPE Zone Intel Tech Provider Zone

US-CERT Warns Of Security Flaw In Wireless Routers

The vulnerability makes it possible for a hacker to infiltrate a network by cracking its password.

Security researcher Stefan Viehbock discovered the flaw in the Wi-Fi Protected Setup (WPS), a computing standard developed by the Wi-Fi Alliance and used in the majority of wireless home routers sold today, according to US-CERT. Manufacturers affected include Belkin, Buffalo, D-Link Systems, Cisco division Linksys, Netgear, Technicolor, TP-Link and ZyXEL.

WPS provides an easy method for non-technical people to set up an eight-digit personal identification number that's needed to connect a device to a home network. The vulnerability makes the WPS susceptible to a brute-force attack, which is when a hacker systematically checks all possible number combinations to find the right one.

When the first attempt fails, the router sends back a response in such a way that the attacker will be able to determine the first half of the PIN. This greatly reduces the amount of time needed to complete the number sequence, US-CERT reported Tuesday.

Viehbock discovered the flaw after noticing "a few really bad design decisions" in the WPS. "As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide," he said in his blog.

US-CERT said the only workaround for the flaw was to disable the WPS. The organization also recommended using WPA2 encryption with a strong password, disabling Universal Plug and Play, which lets any supporting device connect to a network, and enable Media Access Control address filtering, so only trusted devices can access the network.

US-CERT is part of the National Cyber Security Division of the U.S. Department of Homeland Security. The organization is a partnership between Homeland Security and the private and public sectors.

Back to Top



sponsored resources