Allowing Brute Force Hack of PIN in Roughly Two Hours
The Wi-Fi Protected Setup (WPS) was a standard launched in 2007 by the Wi-Fi Alliance to simplify connecting to a wireless network — and simplify setting up encryption. With so many people failing to set up a router password because they found it too confusing, the standard implemented either/and a single button setup option, in addition to a simplified eight-digit PIN used by the AP and connecting devices. However, security researcher Stefan Viehbock has discovered a new security hole in the standard that alows a hacker to use brute force to access a WPS PIN-protected router — in roughly around two hours. Viehbock has written this paper (pdf) on the WPS vulnerability and has developed an as-yet-unreleased Python tool to brute-force the PINs.
Source: Karl Bode @ DSLReports
Memphis PC Guy: Disable WPS in your wireless router and manually setup WPA2 security with a strong password. Passwords are never meant to be easy to remember or easy to by-pass. In this ever increasing climate of security snafu’s, the easiest one to prevent is creatng a password that is easy to “guess”. Passwords should be a mixture of symbols (! @ # $ % .), letters (abcdefg), numbers (123456) and upper/lowercase (PaSsWoRD) to be most effective. A strong password would look something like M3mphi5.Pc.6uy!