Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: The Woops of WPS (Wi-Fi Protected Setup) raises its ugly head again

17 Apr 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
The Woops of WPS (Wi-Fi Protected Setup) raises its ugly head again

WPS (Wi-Fi Protected Setup) is an alternate on-ramp to a Wi-Fi network. Thinking that clicking on the name of a network and entering its password is too hard, the Wi-Fi Alliance came up with the WPS protocol back in 2007.

WPS allowed for both push-button and PIN-based access to Wi-Fi networks. Passwords? We don't need no stinking passwords.

A recent ZDNet article mentioned that the WPS protocol has been enhanced to include Near Field Communication (NFC). Now smartphones with NFC capability can join in the WPS fun. A press release from the Wi-Fi Alliance says "With the NFC method, the user connects two or more NFC-enabled products by tapping them together. Wi-Fi Protected Setup then automatically configures the network name and activates WPA2™ security."

The ZDNet article is typical of a large journalistic failure in that it omits the security issues. WPS is a huge security problem. A Wi-Fi network running WPS can be breached in a matter of hours, no matter how long or complex the Wi-Fi password is. Give the router a PIN number (usually on a sticker on the router) and it responds with the Wi-Fi password.

Change the password and WPS will happily provide the new one to anyone patient enough to ask repeatedly. Although the PIN is eight digits, a flaw in the protocol meant that bad guys only needed 11,000 guesses (CERT Vulnerability Note VU#723755 has details). Every possible PIN can be guessed in a matter of hours. After three wrong guesses, routers were supposed to pause for 60 seconds before accepting new guesses, but many did not.

A Guy

My System SpecsSystem Spec
17 Apr 2014   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick

The 11,000 attempt to crack the eight digits PIN puzzled me and seemed incorrect, since eight digits PIN has 100 million possible variation. Until I've red CVE...

The implementation of the WPS PIN isn't really eight digits, it's broken down to two four digits blocks. As such, the exploit cracks by blocks. The crack of the first block of four digits, 10,000 possible variations, runs until the WPS confirms the first half of the PIN. The second block isn't really four digits, it's only three since the fourth digit in this block used as check sum. So the crack of the second block of the three digits, 1,000 possible variation, runs until the WPS confirms the PIN. And that's where the 11,000 number came from.

It's sort of like that LM hash used to be, split in the middle...
My System SpecsSystem Spec
17 Apr 2014   #3

Windows 7 ultimate 64-bit

oh boy.....lovely....just what i wanted to hear. Why dont router manufacturers just completely do away with the wps push button system all together. Especially if it causes so many security issues. 11000 guesses does not seem like that many and im sure it probably isnt.
My System SpecsSystem Spec

 The Woops of WPS (Wi-Fi Protected Setup) raises its ugly head again

Thread Tools

Similar help and support threads for2: The Woops of WPS (Wi-Fi Protected Setup) raises its ugly head again
Thread Forum
Wi-Fi Protected Setup now supports NFC for tap-to-connect access News
Trying to setup a Home Group - keep banging hy head against the wall Network & Sharing
Solved LocalMLS Rearing it's ugly head again Performance & Maintenance
Solved Wi-Fi Protected Setup security hole discovered. Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:18 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App