New attacks on Wi-Fi Protected Setup
Abstract
Wi-Fi Protected Setup (WPS) is a network security standard that is used to secure networks in home and office, introduced in 2006 by the Wi-Fi Alliance. It provides easier configuration setup and is used in almost all recent Wi-Fi devices. In this paper we propose two attacks on this standard. The first attack is an offline brute force attack that uses imbalance on registration protocol. This attack needs user action, but it is more efficient than previous attacks. The second attack uses weaknesses in the implementation of WPS and provides an improved evil twin attack. This attack shows that even by completely disabling the WPS on the routers, all vulnerabilities are not covered.
Keywords
Wi-Fi; WPS; evil twin; wireless network; security vulnerability