The now widely used Wi-Fi Protected Setup (WPS) standard is apparently not as protected as router makers had hoped. According to a new study, the PIN codes used to lock down the system can be brute-forced on many devices by repeatedly submitting PIN guesses. Millions of routers and access points could be affected.
When a remote client attempts to access the device with a PIN, incorrect entries are met with an EAP-NACK message. This response can actually reveal the first half of the PIN, and the last digit is always the checksum of the PIN, so the number of possible PINs drops from 10^8 to just 11,000. With an automated system, it is feasible to try every remaining possibility in order to gain access.
Also troubling is the fact that many routers do not implement any sort of lockout policy for repeated incorrect PINs. That would allow an attacker to hit the device with a new PIN every second or two until it was cracked. Expect updated firmware on your router to at least patch this last problem.
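The arithmetic behind the 11,000 figure and the effect of a lockout policy, as an added example that is not code from the study or from any router vendor. It uses the standard WPS checksum digit; the function names and the lockout values (3 failures, 60-second lock) are assumptions chosen for illustration.

```python
# Added illustration: WPS PIN search space and the effect of a lockout policy.
# Lockout values used below are assumed, not taken from any real device.

def wps_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits (weights 3,1,3,1... from the right)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and its last digit matches the checksum."""
    if not (len(pin) == 8 and pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])

def second_half_candidates(first_half: str) -> int:
    """Count 4-digit second halves that complete a valid PIN for a given first half."""
    return sum(is_valid_pin(f"{first_half}{s:04d}") for s in range(10_000))

def worst_case_guesses(half_feedback: bool) -> int:
    """Worst-case guesses, with or without per-half feedback from the device."""
    first_halves = 10_000
    second_halves = second_half_candidates("0000")  # same count for any first half
    if half_feedback:
        return first_halves + second_halves   # halves are searched independently
    return first_halves * second_halves       # whole PIN must be right at once

def seconds_to_exhaust(guesses: int, seconds_per_guess: float,
                       lock_after: int = 0, lock_seconds: float = 0) -> float:
    """Time to try every guess; lock_after=0 models a device with no lockout."""
    total = guesses * seconds_per_guess
    if lock_after:
        total += ((guesses - 1) // lock_after) * lock_seconds
    return total

if __name__ == "__main__":
    n = worst_case_guesses(half_feedback=True)
    print("checksum-valid PINs, no feedback:", worst_case_guesses(False))
    print("worst case with per-half feedback:", n)
    print("no lockout, 2 s/guess: %.1f hours" % (seconds_to_exhaust(n, 2) / 3600))
    print("lock 60 s per 3 failures: %.1f hours"
          % (seconds_to_exhaust(n, 2, lock_after=3, lock_seconds=60) / 3600))
```

Changing `lock_after` and `lock_seconds` shows how much a given firmware lockout setting stretches the worst case.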