

Offline attack shows Wi-Fi routers still vulnerable - davidst
http://arstechnica.com/security/2014/08/offline-attack-shows-wi-fi-routers-still-vulnerable/

======
jradd
I am pretty sure this list is relevant [1]. I tested a few routers with reaver
and the avg time to crack pin took me about 6 hours . Be sure to disable WPS.
:)

List of routers vulnerable to WPS attack: [1]
[https://docs.google.com/spreadsheet/lv?key=0Ags-
JmeLMFP2dFp2...](https://docs.google.com/spreadsheet/lv?key=0Ags-
JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c)

~~~
jagermo
creator of the document here, thanks for the reminder. I am going to clean it
up asap.

~~~
jradd
oh snap! Thank you for this good sir!

------
tedunangst
Is the default state for most routers that you need to push the little WPS
button first, or is that different?

~~~
Mandatum
From my experience you're required to push the WPS button which remains active
for 3-5 minutes before turning back off in most cases. It was only a few of
the early "WPS-compatible" routers that default allow for PIN entry.

------
marco1
A simple lock down after several failed attempts would have fixed the normal
brute force problem (11,000 guesses), yet not this new one (1 guess). Why
don't manufacturers implement this, and why isn't it mandated by the
specification?

