US-CERT warns about security flaw affecting millions of wireless routers

December 30, 2011
Cyber Security, FedCyber Wire
No Comment

A design flaw in the WiFi protected setup (WPS) specification for the PIN authentication used by many wireless routers “significantly” reduces the time required to launch a brute force attack against the PIN because the flaw allows an attacker to know when the first half of the eight digit PIN is correct, warned the US Computer Emergency Readiness Team (US-CERT) in a vulnerability note.

The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on wireless routers makes this brute force attack that much more feasible.

via Infosecurity Magazine, continued here.