If you thought that your expensive Wi-Fi access point or router was secure, you may need to think again after a flaw was found in at least two of the chipsets used by hardware manufacturers.
Security is always on the top of the list of requirements for wireless networking these days, as it should be. With various ways of securing Wi-Fi access points out there, and with varying technical difficulty, there’s no reason to not keep your network safe.
Unless, of course, a security bug leaves your network wide open to hacking, and a hack that takes no time at all to do no less.
That’s the situation that an untold number of Wi-Fi routers find themselves in after security firm 0xcite announced its recent, worrying findings.
According to the Swiss security firm, a flaw in the way some routers handle Wi-Fi Protected Setup, or WPS, leaves them vulnerable to an attack that is not just relatively easy to do, but takes a second to carry out.
The flaw itself lets attackers generate the required security PIN offline and ahead of time, meaning that gaining access is then simply a case of providing that PIN when asked by the router in question. 0xcite says that some Broadcom chipsets are affected, along with another as yet unnamed company who is currently rushing to plug the hole from its side. That should be a simple case of improving or simply adding PIN randomization, though we obviously don’t know quite as much about the underlying issue as the people that matter do.
WPS is aimed at making it easy to connect devices to a Wi-Fi network, but it’s normally nice and secure. This hole will need fixing ASAP though, and with router firmware often rarely updated by end users, it’s anybody’s guess when we will be able to draw a line under the issue.