Many devices are still vulnerable to a Wi-Fi attack method disclosed more than a decade ago, software and firmware supply chain security firm NetRise reported on Wednesday.
The attack, named Pixie Dust, came to light in 2014, when a researcher showed that a vulnerability related to Wi-Fi Protected Setup (WPS) could be exploited to obtain a router’s WPS PIN and connect to the targeted wireless network without needing its password.
The Pixie Dust hack involves an attacker who is in range of the targeted Wi-Fi network capturing the initial WPS handshake, which contains data that can then be cracked offline to obtain the WPS PIN. The attack leverages the fact that on some devices random numbers are generated using predictable or low-entropy methods.
The attacker only needs seconds to capture the WPS handshake and the PIN can then be obtained offline within minutes or even seconds.
NetRise has conducted an analysis of 24 networking device models used today to see if they are still vulnerable to Pixie Dust attacks. The devices came from six vendors, but half of them were made by TP-Link.
NetRise’s analysis showed that of the 24 routers, access points, range extenders, and powerline/Wi-Fi hybrid systems only four have been patched against Pixie Dust attacks, but in many cases the fixes came after 9-10 years. Of the unpatched products, seven have reached end of life, but 13 are still supported.
In the tests conducted by the security firm, the WPS PIN was recovered in 1-2 seconds.
If twenty popular device models were found to be vulnerable to Pixie Dust attacks, that may translate to tens of millions of affected devices.
“The persistence of vulnerable WPS implementations reflects a systemic flaw in firmware supply chains. Vendors reuse insecure libraries, fail to implement secure defaults, and provide little transparency. This exposes manufacturers to reputational damage, potential regulatory action, and legal liability,” NetRise explained.
“Affected devices may appear secure due to UI settings that hide or disable WPS superficially, but remain exploitable at the firmware level. This creates silent exploit paths in high-trust environments such as branch offices, retail, and healthcare. Enterprises cannot reliably detect this exposure, leaving them dependent on vendor disclosures that often never come,” the security firm noted.
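For administrators who want to compare what an access point's UI claims with what it actually advertises, the following added example (not from NetRise or the original article) parses the information elements of a beacon or probe response and reports whether a WPS element is present. It assumes the standard WPS element layout (vendor-specific element 221, OUI 00:50:F2, type 4, with big-endian type/length/value attributes); the function names and sample bytes are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # Microsoft OUI + type 4 = WPS
ATTR_STATE, ATTR_LOCKED = 0x1044, 0x1057   # WPS State, AP Setup Locked

def iter_elements(ies: bytes):
    """Yield (id, body) for each 802.11 information element; stop on truncation."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def wps_attributes(body: bytes) -> dict:
    """Parse the big-endian type/length/value attributes inside a WPS element."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4:pos + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(ies: bytes) -> str:
    """Classify what the AP advertises about WPS in its information elements."""
    for eid, body in iter_elements(ies):
        if eid == 221 and body.startswith(WPS_OUI_TYPE):
            attrs = wps_attributes(body[4:])
            if attrs.get(ATTR_LOCKED) == b"\x01":
                return "advertised-locked"
            state = attrs.get(ATTR_STATE, b"\x00")
            return "advertised-configured" if state == b"\x02" else "advertised-unconfigured"
    return "not-advertised"

# Constructed sample data: SSID element followed (or not) by a WPS element.
SSID = bytes([0, 6]) + b"branch"
WPS_BODY = WPS_OUI_TYPE + bytes.fromhex("104a000110" "1044000102")
BEACON_WPS_ON = SSID + bytes([221, len(WPS_BODY)]) + WPS_BODY
BEACON_WPS_OFF = SSID

if __name__ == "__main__":
    for name, ies in [("ap-1", BEACON_WPS_ON), ("ap-2", BEACON_WPS_OFF)]:
        print(name, wps_status(ies))
```

A device whose UI shows WPS as off but whose beacons still return an `advertised-*` status is a candidate for firmware review; a `not-advertised` result only describes what the device broadcasts and does not by itself show the firmware is patched.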
NetRise’s research comes after CISA warned recently that an old missing authentication vulnerability impacting TP-Link Wi-Fi range extenders has been exploited in the wild.