Kiss WPS Good Bye

http://krebsonsecurity.com/2011/12/new-tools-bypass-wireless-router-security/

Fine for those that don’t have routers using the WPS for easier use.

But as the article mentions this brute force attack can take hours or even a day, that sort of attack is I would think not going to be targeted at the humble home user. Taking the precautions mentioned of having a time delay set after X number of attempts would put a crimp in those brute force attacks anyway.

So perhaps not quite as much of an issue as made out.

Found the coding that does this. Very interesting little python script.

My Belkin N-150 came with a card that has an 8 character password on it. It consists of 5 numbers and 3 letters so should be pretty hard to crack. It doesn’t say anything about WPS and only says the security type is WPA/WPA2. All I had to do when setting it up was to put in the provided password which I’m sure is different for every individual router sold.

On the box it says, Pre-configured security and Wi-Fi Protected Setup. I guess that means it does have WPS. I’m really not that concerned though.

I fail to get excited by these things, when the chances of it being used against a home user are limited. More so when there are relatively easier methods to make this even harder for the attacker.

Who is going to spend hours or a day (if the user leaves it on default settings) on a brute force attempt to find the key when what might be on a users system wouldn’t warrant this level of processing effort and time.

If your router is WPS, I would assume that there is a logo on it (see image).

Though this from the Belkin site says the N150 is WPS enabled.

Thanks to the strong built-in security, including [b]support for[/b] WPA, WPA2, [b]Wi-Fi Protected Setup[/b], and 64- and 128-bit WEP encryption, you will be protected from hackers and intruders trying to gain access to your sensitive files. [b]Setting up security is simple, too: just push the Wi-Fi Protected Setup button located on the front of the Router[/b]. The Router also supports VPN for making secure connections between the home and office.

Belkin designed the N150 Enhanced Wireless Router for ease of use and it’s backed by a 1-year l

There is a Pin number and a password and the attack is on the pin number (8 digits) and that would be alpha numeric. It is this which is taking hours a simple 8 numeric digit code could be broken much faster as there are much less permutations.

It’s just the N150 model, nothing about enhanced. The logo for WPS is on the box. I set it up with my XP laptop by using the disc that came with it. It said something about also using the disc on other machines that will connect but all I did on this Win7 one was try to connect to the network. I just had to put in the password and that was it. I never used the disc or pushed any button on the router and actually didn’t even know it was there until now. It works perfectly and says it is protected so I guess it’s okay. Like I said, I’m not concerned about the advisory. I live in a neighborhood where it shouldn’t be a problem. I show 2 other networks broadcasting but the signal strength is very weak. One shows as unprotected and I guess is from the nearby State University but I can’t connect to it lol.

You’re right though, there is both a password and a PIN code given on the bottom of the router. the PIN is just 8 numbers where the password is numbers and letters.

I just checked for firmware updates and there was one dated 12/27 so I guess Belkin is on top of this ;D.