Do you have a wireless network? Me too – I've had one for years. WiFi is easy to set up, there's virtually no administrative overhead, and the benefits are hard to ignore. It's no wonder so many businesses, public spaces, schools, and homes are going wireless.

Every network requires security, of course. In wireless networking, security standards are managed by the Wi-Fi Alliance. (Note: I spell it "WiFi," but the Wi-Fi Alliance, which owns the trademark, says "Wi-Fi." You, of course, are free to write it either way.) It is the Wi-Fi Alliance that has standardized on Wi-Fi Protected Setup, or WPS. Among its various specifications, the standard requires that each wireless router must have a unique eight-digit PIN. The PIN secures access to the network against unauthorized traffic and is key to encrypting wireless traffic. It must remain secret for the network to be secure. An attacker with the PIN could retrieve the network's password, reconfigure the wireless access point, or cause a denial of service.

The eight-digit format selected for the PIN allows for 100,000,000 possible combinations. This means that a brute-force attack, given an average two-second signal-response time, would take years.

Researchers have discovered flaws in the implementation of the WPS PIN standard, however. Routers send a response signal after the first four digits have been entered, indicating if they are right – which means the two halves of the PIN can be attacked separately. Getting the first half of the PIN requires a maximum of 10,000 guesses. The second half of the PIN is weaker because the eighth digit is a checksum. This means that after an attacker has correctly identified the first four digits, he need test only 1,000 additional combinations. (The total number of combinations is reduced, in this scheme, from 10^8 possible PINs to 10^4 + 10^3.) The bottom line is that the PIN can be ascertained in a maximum of 11,000 attempts – which means a hacker can breach the network in a couple of hours.

Virtually all routers that implement the WPS standard share this vulnerability, including routers from Belkin, Buffalo, D-Link Systems, Linksys/Cisco, Netgear, Technicolor, TP-Link, and ZyXEL, according to testers.

Researcher Stefan Viehböck tested a number of routers and found that only one vendor, Netgear, implemented an extra layer of security for its PIN. Viehböck found that Netgear routers slow their response time after being offered incorrect PINs repeatedly. The slowdown means that the tested Netgear router can be disarmed in a day, rather than in two hours.

There appears to be no workaround for this security vulnerability, save disabling WPS (which may not be possible with most routers).

Viehböck's technical paper detailing the vulnerability is available here.

Web recommendation: Analysts at Kapersky Lab have been hard at work on the Stuxnet and Duqu worms. They have concluded that both attacks were created by the same team, and that the team has probably developed additional malware. The report is here. J.D. says check it out.

J.D. Hildebrand has written hundreds of articles for dozens of publications and online communities dedicated to software development. He wishes you a happy new year.