Offline bruteforce attack on WiFi Protected Setup

Wi-Fi Protected Setup™ is an optional certification program based on technology designed to ease the setup of security-enabled Wi-Fi networks in home and small office environments. Wi-Fi Protected Setup supports methods (pushing a button, entering a PIN, or using NFC) that are familiar to most consumers to configure a network and enable security. An online bruteforce attack against WPS PIN was published in 2011. As a consequence, rate throttling and lockout of bruteforce attempts are now common remediation measures.

The security of the Wi-Fi Protected Setup (WPS) PIN-External Registrar protocol depends on the availability of a source of unpredictable random numbers to generate temporary keys. It is well known that this requirement is generally not met in embedded network devices.

In this talk, we present an attack which recovers the WPS PIN code in one single authentication attempt for devices which use guessable keys due to weak random number generation.

SPEAKER: Dominique Bongard

Advertisements
This entry was posted in ASFWS 2014, Talks. Bookmark the permalink.

2 Responses to Offline bruteforce attack on WiFi Protected Setup

  1. Pingback: - BUSINESS COMMANDO

  2. Pingback: YVERDON CYBERDEFENSE & CTF = APPSEC Forum 2014 - DIGITAL COMMANDO

Comments are closed.