Over the past few weeks, researchers at a Swiss security firm called “0xcite” have engineered an exploit that attacks the Wi-Fi Protected Setup (WPS) feature of Wi-Fi routers. Their remote exploit allows an outside attacker to quickly gain access to a wireless router's network. The exploit relies upon weak random number generation in hardware PINs, a secret key used to authenticate a device onto a secure network, allowing anyone to passively and quickly collect enough information to guess the correct hardware PIN using offline calculations. Rather than attempting to brute-force the numerical PIN, the attack calculates the correct PIN, circumventing defenses instituted by organizations, companies and home users.
Past attempts at brute-forcing the router's PIN would require up to 11,000 guesses, a small number, but would take approximately four hours to find the correct PIN to access the router's WPS functionality. Presently, this flaw has only been tested and confirmed to affect two chipset manufacturers' implementations, Broadcom and Bongard. It is presumed that more router manufacturers' random number generators fall short in the same way, since most use reference software libraries, usually free software packages that serve as a basis for customized router software, so the flaw ultimately persists into their final products. According to Bongard, who used Broadcom reference libraries, “Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness.”
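Why a zero nonce removes the protection, as an added example that is not code from 0xcite or any vendor: a value derived from a short PIN can only be published safely if it is mixed with a nonce an observer cannot predict. The commitment function and the 4-digit secret below are simplified assumptions for illustration, not the actual WPS message format.

```python
import hashlib
import hmac
import secrets

PIN_SPACE = 10_000  # assumption: a 4-digit secret, chosen to keep the model small


def commit(nonce: bytes, pin: int) -> bytes:
    """Simplified commitment (hypothetical, not the WPS wire format):
    a hash over a secret nonce followed by the zero-padded PIN digits."""
    return hashlib.sha256(nonce + f"{pin:04d}".encode()).digest()


def zero_nonce() -> bytes:
    """The weak behaviour quoted above: a 'random' value that is always zero."""
    return bytes(16)


def csprng_nonce() -> bytes:
    """Hardened form: 128 bits drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def recoverable_offline(commitment: bytes, predicted_nonce: bytes):
    """Review check: if the nonce can be predicted, does trying every PIN
    reproduce the observed commitment? Returns the PIN, or None."""
    for candidate in range(PIN_SPACE):
        if hmac.compare_digest(commit(predicted_nonce, candidate), commitment):
            return candidate
    return None


if __name__ == "__main__":
    pin = 4821  # constructed sample value
    weak = commit(zero_nonce(), pin)
    strong = commit(csprng_nonce(), pin)
    # With a constant nonce the 10,000-entry search finds the PIN without
    # sending a single guess to the device.
    print("zero nonce  ->", recoverable_offline(weak, bytes(16)))
    # With an unpredictable nonce the same search finds nothing.
    print("CSPRNG nonce ->", recoverable_offline(strong, bytes(16)))
```

The same search that succeeds against the constant nonce returns nothing once the nonce comes from a CSPRNG, which is why the fix belongs in the random number generator rather than in the PIN.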
Broadcom and many other router manufacturers choose to have their software and hardware certified by the Wi-Fi Alliance in order to determine, maintain and conform to certain standards of 802.11 compliance and interoperability between different vendors' wireless devices. Routers from manufacturers that do not have their products certified tend to be cheaper, since they use underpowered chipsets and inefficient proprietary firmware; however, this ultimately leads to security vulnerabilities and incompatibilities between newer and older wireless devices. The Wi-Fi Alliance could not confirm whether the products impacted by the attack were certified. "A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices," spokeswoman Carol Carrubba said in a statement. "It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings."
Carol Carrubba's initial statement seems to imply that overall technology standards across hardware and software do not directly imply cybersecurity and uniformity, since router manufacturers have direct control over their implementations and can decide whether or not to comply with the Wi-Fi Alliance standards. From a security standpoint, compliance with standards should not imply weak security measures; instead, it should imply strong design and security that are better than the Wi-Fi Alliance standards.