Hacker News new | past | comments | ask | show | jobs | submit login
Offline attack shows Wi-Fi routers still vulnerable (arstechnica.com)
40 points by davidst on Aug 31, 2014 | hide | past | favorite | 6 comments



I am pretty sure this list is relevant [1]. I tested a few routers with reaver and the avg time to crack pin took me about 6 hours . Be sure to disable WPS. :)

List of routers vulnerable to WPS attack: [1] https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2...


creator of the document here, thanks for the reminder. I am going to clean it up asap.


oh snap! Thank you for this good sir!


Is the default state for most routers that you need to push the little WPS button first, or is that different?


From my experience you're required to push the WPS button which remains active for 3-5 minutes before turning back off in most cases. It was only a few of the early "WPS-compatible" routers that default allow for PIN entry.


A simple lock down after several failed attempts would have fixed the normal brute force problem (11,000 guesses), yet not this new one (1 guess). Why don't manufacturers implement this, and why isn't it mandated by the specification?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: