Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed.
WPS and the pixie dust attack
Wi-Fi Protected Setup (WPS) allows users to connect to their network by using an eight-digit PIN instead of a password.
“[A pixie dust attack] targets weaknesses in the Wi-Fi Protected Setup protocol, exploiting poor entropy in key generation,” the company explains.
An attacker needs to capture only a single WPS exchange (“handshake”); the weak entropy then lets them recover the WPS PIN offline by brute force in mere seconds.
With the PIN, attackers can gain network access through the vulnerable devices.
Key findings
Netrise has analyzed the firmware of 24 networking devices – routers, range extenders, access points, and hybrid Wi-Fi/powerline products – from 6 vendors. Half of the devices were TP-Link products. (The other vendors have not been named.)
“Devices were chosen based on known WPS support, availability of firmware images, and relevance to consumer and SMB networking markets,” the researchers shared.
Their tests revealed that out of the 24 devices, only 4 ever received fixes, and that it took those vendors around 9 years to deliver them.
Of the 20 that remain unpatched, 13 are still actively supported, and 7 reached end-of-life without fixes.
“Affected devices may appear secure due to UI settings that hide or disable WPS superficially, but remain exploitable at the firmware level. This creates silent exploit paths in high-trust environments such as branch offices, retail, and healthcare,” Netrise researchers noted.
Advice for organizations and vendors
Pixie dust attacks are easily performed with widely available automated tools. But, since the attacker must be within Wi-Fi range of the vulnerable device to launch an attack, widespread attacks are unlikely to happen.
Nevertheless, the researchers say that the persistence of vulnerable WPS implementations reflects a systemic flaw in firmware supply chains.
“Legacy firmware continues to circulate, leaving networks open to rapid credential compromise. Many vendors provide vague advisories such as ‘Fixed some security vulnerability,’ which conceal the persistence of flaws like Pixie Dust. Worse, insecure defaults are inherited and reintroduced across devices, showing how weaknesses propagate silently through supply chains,” the company noted.
Organizations should audit default wireless configurations, and generate software bills of materials through binary analysis of the firmware image to detect vulnerable modules “even when source code or vendor disclosures are unavailable,” the researchers advised.
Vendors, on the other hand, should provide transparent advisories and use secure-by-default practices with cryptographic review for inherited components.
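One way to carry out the configuration audit the researchers recommend, as an added example that is not part of the article or of Netrise's tooling: it checks hostapd-style AP settings pulled from a firmware image (wps_state, ap_pin and ap_setup_locked are real hostapd keys) so that WPS left on at the firmware level is caught even when the web UI reports it as off. The sample configs are constructed.

```python
"""Audit hostapd-style wireless configs for WPS exposure (added example)."""
import re

# Constructed samples standing in for configs extracted from firmware images.
# router_a: UI says "WPS off", but hostapd still has WPS enabled with a static PIN.
# router_b: WPS genuinely disabled.
# router_c: WPS enabled and AP setup explicitly unlocked.
SAMPLE_CONFIGS = {
    "router_a": "interface=wlan0\nssid=Home\nwpa=2\nwps_state=2\nap_pin=12345670\n",
    "router_b": "interface=wlan0\nssid=Office\nwpa=2\nwps_state=0\n",
    "router_c": "interface=wlan0\nssid=Shop\nwpa=2\nwps_state=1\nap_setup_locked=0\n",
}


def parse_kv(config_text):
    """Parse key=value lines; blanks and '#' comments are skipped, last value wins."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9_]+)=(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit_wps(config_text):
    """Return findings for one config; an empty list means WPS is disabled."""
    s = parse_kv(config_text)
    findings = []
    # hostapd: wps_state=0 disables WPS; 1 (not configured) or 2 (configured) enables it.
    state = s.get("wps_state", "0")
    if state != "0":
        findings.append(f"WPS enabled at firmware level (wps_state={state})")
        # A static AP PIN is the secret a Pixie Dust attack recovers; flag it.
        if "ap_pin" in s:
            findings.append("static AP PIN present in config (ap_pin)")
        # Explicitly unlocked AP setup keeps the PIN-based registrar path open.
        if s.get("ap_setup_locked") == "0":
            findings.append("AP setup explicitly unlocked (ap_setup_locked=0)")
    return findings


def audit_all(configs):
    """Map each device name to its WPS findings."""
    return {name: audit_wps(text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CONFIGS).items():
        print(name, "->", findings or "OK")
```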