US-CERT Warns Of Security Flaw In Wireless Routers
By Antone Gonsalves, CRN 5:40 PM EST Wed. Dec. 28, 2011
A vulnerability in millions of wireless home routers in use today makes it possible for hackers to crack a network's password, the U.S. Computer Emergency Readiness Team (US-CERT) has warned.
Security researcher Stefan Viehbock discovered the flaw in the Wi-Fi Protected Setup (WPS), a computing standard developed by the Wi-Fi Alliance and used in the majority of wireless home routers sold today, according to US-CERT. Manufacturers affected include Belkin, Buffalo, D-Link Systems, Cisco division Linksys, Netgear, Technicolor, TP-Link and ZyXEL.
WPS provides an easy method for non-technical people to set up an eight-digit personal identification number that's needed to connect a device to a home network. The vulnerability makes the WPS susceptible to a brute-force attack, which is when a hacker systematically checks all possible number combinations to find the right one.
When the first attempt fails, the router sends back a response in such a way that the attacker will be able to determine the first half of the PIN. This greatly reduces the amount of time needed to complete the number sequence, US-CERT reported Tuesday.
Viehbock discovered the flaw after noticing "a few really bad design decisions" in the WPS. "As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide," he said in his blog.
US-CERT said the only workaround for the flaw was to disable the WPS. The organization also recommended using WPA2 encryption with a strong password, disabling Universal Plug and Play, which lets any supporting device connect to a network, and enable Media Access Control address filtering, so only trusted devices can access the network.
US-CERT is part of the National Cyber Security Division of the U.S. Department of Homeland Security. The organization is a partnership between Homeland Security and the private and public sectors.
Thursday, December 29, 2011
Monday, October 31, 2011
A short thought for you.
Apple once again has released a new phone. The iphone 4s today has shown issues with battery life. A blog with about 100,000 reads and 1300 comments points out this issue. This is the second time Apple has released a product with issues that if they had a "public beta" before release we would see the ablity to reduce these kind of events. Microsoft has learned this with the release of Windows 7 which has proved that the Public can give the best feedback and reduce costly mistakes.
Apple once again has released a new phone. The iphone 4s today has shown issues with battery life. A blog with about 100,000 reads and 1300 comments points out this issue. This is the second time Apple has released a product with issues that if they had a "public beta" before release we would see the ablity to reduce these kind of events. Microsoft has learned this with the release of Windows 7 which has proved that the Public can give the best feedback and reduce costly mistakes.
Subscribe to:
Comments (Atom)