clock menu more-arrow no yes mobile

Filed under:

Wi-Fi Protected Setup attack tools released to public

New, 23 comments

Two open source tool for cracking WPS PINs have been released. The tools can give attackers access to WPS-enabled networks in as little as two hours.


A lot has happened since we reported on the Wi-Fi Protected Setup (WPS) vulnerability found by Stefan Viehbock yesterday. It seems security firm Tactical Network Solutions (TNS) had independently discovered the vulnerability, working on it for nearly a year. On hearing of Viehbock's discovery, TNS released its open source Reaver tool for exploiting the vulnerability, partly as a way to draw attention to a commercial version of the software. This was followed shortly thereafter by Viehbock releasing his own WPSCrack tool in reply. Both tools are able to crack WPS PINs — Viehbock's in as little as two hours, TNS's in four to ten — after which both tools allow an attacker to easily recover the (much more secure) WPA password, giving him or her free access to the network.

With the vulnerability out in the open, TNS apparently saw an opportunity to draw attention to a commercial version of Reaver by releasing a free version with more limited functionality. Of course, once Reaver was publicly available Viehbock saw little reason to hold back on releasing his own script.

If you’re worried about the security of your home network, note that while WPS is often enabled by default it can usually be turned off in your router settings.