Wi-Fi flaw gives up your password

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Swiss reseacher Dominique Bongard holds a home Wi-Fi router whose passcode he broke into with a single try.

LAS VEGAS, NV — Some popular home Wi-Fi routers use dumb computer chips that let hackers steal your password with a single try.

Swiss security researcher Dominique Bongard said many popular routers’ computer chips use a “random number generator” intended to safeguard your password — but it turns out those “random” numbers aren’t as random as they’re supposed to be.

Some are so poorly programmed that a hacker can easily determine the next numbers that the router will spit out. Some routers’ “random” number generators are so bad, it consistently just uses the number “0.”

To steal your Wi-Fi router’s password, all a hacker has to do is know the next number in the chain and send those to the router. The hacker also needs to know what model router you’re using, but that’s not all that tricky, given the popularity of consumer router brands.

A few keystrokes and voilà: The router gives up its own PIN code — and your Wi-Fi password. Once it gives up that passcode, hackers can join your network and steal data flowing between your devices and the router.

Bongard demonstrated his findings at the PasswordCon cybersecurity conference in Las Vegas on Tuesday using a common home router. He said the vulnerability only affects home routers that use a security standard called WPS — which many do.

“In just one try. Bang. Got it,” said Bongard. “It’s unbelievable.”


By Jose Pagliery


Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.