Wi-Fi Protected Setup™ is an optional certification program based on technology designed to ease the setup of security-enabled Wi-Fi networks in home and small office environments. Wi-Fi Protected Setup supports methods (pushing a button, entering a PIN, or using NFC) that are familiar to most consumers to configure a network and enable security. An online bruteforce attack against WPS PIN was published in 2011. As a consequence, rate throttling and lockout of bruteforce attempts are now common remediation measures.
The security of the Wi-Fi Protected Setup (WPS) PIN-External Registrar protocol depends on the availability of a source of unpredictable random numbers to generate temporary keys. It is well known that this requirement is generally not met in embedded network devices.
In this talk, we present an attack which recovers the WPS PIN code in one single authentication attempt for devices which use guessable keys due to weak random number generation.
SPEAKER: Dominique Bongard