A WiFi Protected Setup (WPS) vulnerability has recently been discovered that reduces the brute forcing time significantly. The vulnerability can be exploited to find out when the first four digits of the eight digit pin are correct. Instead of having to try 10⁸ possible combinations, attackers now have to try 10⁴ + 10³ combinations which reduces the attempts from 100 million to 11000 in total.

That’s a significant reduction in attempts. Some wireless routers slow down brute force attempts automatically as a security precaution, others do not have those features implemented. The attack may also result in a denial of service condition according to information posted on the US-Cert website.

Attackers can exploit the vulnerability to brute force their way into wireless routers at a much faster pace than before.

The vulnerability can only be patched with a firmware update. While it is likely that newer models will receive an update eventually that patches the flaw, it is unlikely that all affected router models will receive one.

Computer users who are currently using WiFi Protected Setup should disable the feature and configure their router manually instead. It is recommended to switch to WPA2 encryption with a strong password. US-Cert furthermore recommends to disable UPnP and to enable Mac filtering. The latter may keep amateurs at bay, but not professionals.

The vulnerability disclosure page lists vendors that are affected by the vulnerability. The who is who includes D-Link, Netgear, Zyxel, Linksys or Belkin among others.

Setting up a router’s wireless connection manually is a challenging experience for less than tech-savvy computer users.

Additional information about the vulnerability can be found at Stefan Viehböck’s website. The author promised to release a brute force tool to demonstrate the impact of the vulnerability.

The Netgear WGR614L Open Source Wireless-G Router is compatible to well known firmwares like Tomato and DD-WRT with several others in the making. You might be asking about the benefits of running an Open-Source router in comparison to one that is not. It all boils down to something that gets updated regularly with new features versus something that does not get updated anymore after some time has passed since the initial release.

Netgear seem to have at least one person on board that is proficient with today’s Internet. They have created a community website just for their new line of Open Source routers which perfectly catches the latest Internet trend: Social community.

The website contains blogs, a news sections, downloads, tutorials and a nicely populated forum that is slowly picking up pace. While the Netgear WGR614L Open Source Wireless-G Router is clearly aimed at Linux users Windows users can obviously use the router as well. It retails for a reasonable price of $69 and got mostly positive comments at Amazon and other online shops that sell it.