Belkin n150 validating identity
“It is very unlikely that nobody noticed that the way they designed the protocol makes a brute force attack easier than it ever should.” Separately, Craig Heffner, a researcher with Columbia, Md.based security consultancy Tactical Network Solutions, has released an open-source tool called “Reaver” to attack the same vulnerability.The problem, he said, is that most of the vendors did so in ways that make brute-force attacks slower, but still feasible.Earlier today, Viehböck released on his site a free tool that he said can be used to duplicate his research and findings, detailed in this paper (PDF).You also may be revealing the websites you visit while you use unsecured bandwidth.This risk applies in both directions, validating the many reasons to secure wireless signals and avoid purloining your neighbor's unprotected bandwidth.If the Wi-Fi signal onto which you piggyback turns out to be a fake hotspot, you may have stumbled onto a trap set up to steal passwords, files and other assets.Thieves can establish a source of wireless bandwidth and simply wait for the unwary to locate it.
Depending on whose Wi-Fi network you access, you may wind up providing your neighbor with personally identifiable information -- your own or that of your employees, vendors or clients -- when your files and passwords become visible to the owner of the network.
One way to protect against such automated attacks is to disallow authentication for a specified amount of time after a certain number of unsuccessful attempts.
Stefan Viehböck, a freelance information security researcher, said some wireless access point makers implemented such an approach.
Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.
At issue is a technology called “Wi-Fi Protected Setup” (WPS) that ships with many routers marketed to consumers and small businesses.