
A flaw in WPS is that you can crack each half of the 8 numerical digits independently (2x 4 numerical digits are much easier than 1x 8 numerical digits).

However, since the flaw was discovered, why not apply a patch and only send a response if and only if the client has the whole password right? Implement a time-out and your router is secure for the next 1,000 years.

But why is the hole still open?

LB2
Quora Feans
  • Good question, releasing WPS 2.0 with 7 digits + timeouts + ecdhe would solve the problem. Fixes nowadays are either to lock WPS feature after Xth try till reboot (usually X=10, even WPS button is then locked!) or to drop WPS with PIN from firmware (WPS button still works) – Smit Johnth Jul 11 '17 at 19:09

2 Answers

Ask the WiFi Alliance.

It's probably the same reason the glaringly-obvious security hole was put in there in the first place. The people making decisions for the WPS standard apparently do not care about security (or are mindbogglingly incompetent). Any freshman CS student giving it the least bit of thought will know it's a mistake to check whether half of a password works and differentiate between which half failed in your response as described in your standard (so you don't even need to do a timing attack to differentiate the two cases). The only reason it was not immediately obvious to everyone when WPS-enabled routers first came out is that the standard documenting how WPS works is not free ($100) if you aren't a member (and membership costs a company $15k/year).

Granted, I believe many (most?) hardware manufacturers tried to patch WPS by just rate-limiting the number of bad attempts per second -- granted rate-limiting doesn't help much when you only need at most 11000 attempts to break a WPS pin (on average half of that). At the same time, presumably legitimate users may want to use this WPS feature, so they probably can't rate limit too severely and you can possibly get around the rate-limit by frequently changing your MAC address. WPS was a bad idea which became much worse with their actual severely flawed implementation.

dr jimbob
  • *"Ask the WiFi Alliance. "* +1 – Smit Johnth Jul 11 '17 at 18:38
  • *"I believe many (most?) hardware manufacturers tried to patch WPS by just rate-limiting the number of bad attempts per second"* - some just dropped WPS with pin from their firmware. AFAIK this violates the WPS standard, but who cares. – Smit Johnth Jul 11 '17 at 18:39
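As an added example (not part of the question or of dr jimbob's answer), the following Python models the point both make: a verifier that acknowledges the first half of the PIN before it has checked the second lets each half be searched on its own, which is where the 11000 figure comes from, while an all-or-nothing verifier exposes only the full space of free digits. One fact the thread does not spell out: the eighth WPS PIN digit is a checksum of the first seven (the published WPS checksum rule), so the "8 digit" space is really 10^7, and the second half has only three free digits. The function names and the sample PIN 12345670 are constructed for this example.

```python
"""Added example, not code from the thread: WPS PIN checksum, a verifier
modelled on the half-by-half behaviour the thread describes, and an
all-or-nothing verifier for comparison."""

from hmac import compare_digest


def wps_checksum(first7: str) -> str:
    """Checksum digit for a 7-digit WPS PIN body: digits in positions
    1,3,5,7 are weighted x3, positions 2,4,6 weighted x1 (published rule)."""
    digits = [int(c) for c in first7]
    acc = 3 * sum(digits[0::2]) + sum(digits[1::2])
    return str((10 - acc % 10) % 10)


def is_valid_pin(pin: str) -> bool:
    """True if the 8-digit PIN is well-formed and its checksum digit is right."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == pin[7]


def leaky_verify(real_pin: str, guess: str) -> str:
    """Flawed registrar behaviour: the response reveals whether the first
    half matched before the second half is even looked at, so the two
    halves can be confirmed independently."""
    if guess[:4] != real_pin[:4]:
        return "NACK-first-half"
    if guess[4:] != real_pin[4:]:
        return "NACK-second-half"
    return "ACK"


def strict_verify(real_pin: str, guess: str) -> str:
    """Hardened registrar behaviour: one constant-time comparison of the whole
    PIN, so every wrong guess produces the same single failure response."""
    ok = compare_digest(real_pin.encode(), guess.encode())
    return "ACK" if ok else "NACK"


def worst_case_attempts(split_halves: bool) -> int:
    """Guesses needed to exhaust the space an online verifier exposes.

    split_halves=True : 4 free digits, then 3 free digits + checksum (11000)
    split_halves=False: 7 free digits + checksum, all or nothing (10^7)
    """
    if split_halves:
        return 10**4 + 10**3
    return 10**7


if __name__ == "__main__":
    pin = "12345670"  # constructed sample PIN
    print(pin, "valid:", is_valid_pin(pin))
    print("split-half verifier worst case:", worst_case_attempts(True))
    print("all-or-nothing verifier worst case:", worst_case_attempts(False))
    print(leaky_verify(pin, "12349999"), "vs", strict_verify(pin, "12349999"))
```

The difference that matters is in the responses: `leaky_verify` returns two distinguishable failures, `strict_verify` only one, and the answer's rate-limiting discussion applies on top of either; with the strict shape, a limit of a few attempts per lock period is enough to make the 10^7 space impractical online, while with the leaky shape it barely dents 11000.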
I know that this question is old, but I feel the need to follow up on what dr jimbob mentioned.

    "...you can possibly get around the rate-limit by frequently changing your MAC address..."

Well, while this is true, MAC filtering during WPS authentication has since been updated to a fixed rate, and most manufacturers no longer rely on triggering the WPS locked state based on the number of attempts "per MAC." Instead, many have incorporated a general total number of attempts by ANY MAC that tries to authenticate. For example:

    If 00:11:22:33:44:55 tries to attack twice and fails...
    And then 11:22:33:44:55:66 tries to attack...

The combined number of attacks by BOTH MACs will trigger the WPS locked state, making MAC changing pointless.

Each lock time varies from vendor to vendor. Some will lock for 30 seconds on the first failed attempt, some will lock for 60 seconds, some for 120 seconds, etc. It just depends on the vendor. However, these are mostly vendor-specific firmware updates and it is not, to my knowledge, a standard practice from the WiFi Alliance. There has since been a method of getting around this general lock by using EAPOL flooding and authentication DoS attacks to force the router to reset. This resets the rate-limit timer and WPS is no longer locked, which allows the attack to continue.

I would assume that a good way to prevent this reset is to have the external registrar operate on a totally different section of hardware that works independently of the main hardware. This separate section could have something like a CMOS battery which saves the WPS state, so that even in the case of a power shutdown, the locked state will remain in the case of a brute-force attempt. I don't know, it's just a thought I have had, as I have reset many routers using a simple tool called MDK3.

Yokai
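As an added example (not Yokai's code, and not any vendor's firmware), here is a Python model of the lockout behaviour this answer describes: failed PIN attempts are counted across all client MACs rather than per MAC, the lock duration escalates from 30 to 60 to 120 seconds, and the lock state is written to disk after every change so that a fresh registrar instance (standing in for a forced reboot) comes back still locked. The threshold of three failures, the escalation schedule, the state-file name and the MAC addresses are constructed values; the design assumes a clock that survives a reboot, which is what the answer's battery-backed state idea amounts to.

```python
"""Added example, not code from the thread: a global (any-MAC) WPS PIN
lockout with escalating lock times and persisted state."""

import json
import os
import tempfile
import time

LOCK_SCHEDULE = (30, 60, 120)  # seconds per successive lockout (constructed)
THRESHOLD = 3                  # failures, from any MAC, before locking (assumed)


class WpsLockout:
    """Counts failed PIN attempts from every MAC against one shared budget and
    saves its state to disk so a restart does not clear an active lock."""

    def __init__(self, state_path, clock=time.time):
        self.state_path = state_path
        self.clock = clock           # must survive reboot (RTC / battery-backed)
        self.failures = 0            # failures since last lockout or success
        self.lockouts = 0            # lockouts so far; drives escalation
        self.locked_until = 0.0      # absolute time at which the lock expires
        self.seen_macs = set()       # kept for logging; not used for limiting
        if os.path.exists(state_path):
            with open(state_path) as fh:
                saved = json.load(fh)
            self.failures = saved["failures"]
            self.lockouts = saved["lockouts"]
            self.locked_until = saved["locked_until"]
            self.seen_macs = set(saved["seen_macs"])

    def _save(self):
        state = {"failures": self.failures, "lockouts": self.lockouts,
                 "locked_until": self.locked_until,
                 "seen_macs": sorted(self.seen_macs)}
        with open(self.state_path, "w") as fh:
            json.dump(state, fh)

    def is_locked(self):
        return self.clock() < self.locked_until

    def attempt(self, mac, pin_correct):
        """Outcome of one PIN attempt: 'locked', 'ok' or 'fail'."""
        if self.is_locked():
            return "locked"          # rejected regardless of which MAC asks
        self.seen_macs.add(mac.lower())
        if pin_correct:
            self.failures = 0
            self._save()
            return "ok"
        self.failures += 1
        if self.failures >= THRESHOLD:
            step = min(self.lockouts, len(LOCK_SCHEDULE) - 1)
            self.locked_until = self.clock() + LOCK_SCHEDULE[step]
            self.lockouts += 1
            self.failures = 0
        self._save()
        return "fail"


class FakeClock:
    """Controllable clock so the simulation is instant and deterministic."""

    def __init__(self, now=1000.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate():
    """Two MACs share one failure budget, a third MAC finds the registrar
    locked, a reloaded instance (reboot) is still locked, and the lock only
    clears once the clock passes locked_until."""
    clock = FakeClock()
    path = os.path.join(tempfile.mkdtemp(), "wps_lock.json")  # constructed
    reg = WpsLockout(path, clock)
    outcomes = [
        reg.attempt("00:11:22:33:44:55", False),  # fail 1
        reg.attempt("00:11:22:33:44:55", False),  # fail 2
        reg.attempt("11:22:33:44:55:66", False),  # fail 3, other MAC: lock
        reg.attempt("22:33:44:55:66:77", False),  # fresh MAC, still locked
    ]
    rebooted = WpsLockout(path, clock)            # state reloaded from disk
    after_reboot = rebooted.attempt("33:44:55:66:77:88", False)
    clock.advance(LOCK_SCHEDULE[0] + 1)
    after_expiry = rebooted.attempt("33:44:55:66:77:88", True)
    return outcomes, after_reboot, after_expiry, rebooted.lockouts


if __name__ == "__main__":
    print(simulate())
```

The two properties worth checking in a real registrar are the ones `simulate()` exercises: the lock is keyed to nothing the client controls (no MAC, no session), and the lock outlives the process that set it. A per-MAC counter fails the first property and an in-memory counter fails the second, which is exactly why rotating MACs or forcing a reboot worked against earlier firmware.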