WiFi networks in India are prone to virus attacks, computer security analysts of Government of India have warned.
“WiFi Protected Setup (WPS) contains a design error that could allow a weaker-than-expected defence against brute-force attacks, which could allow an attacker to gain unauthorised access to the affected system,” warned the Indian Computer Emergency Response Team (CERT-In).
CERT-In, which works under the Ministry of Communication and Information Technology, is a national agency that keeps a tab on computer security incidents.
Do note that brute-force attack is a programme that hackers often use to crack and stealthily enter into an encrypted and password protected system.
Usually, users in India opt the WPS method to set up a wireless router for home network. In this method, the standard requires a PIN to be used during the setup phase.
“By design this method is susceptible to brute force attacks against the PIN,” said the agency in an advisory issued with high severity ratings.
“An unauthenticated, remote attacker within range of the wireless point could use the PIN to gain unautorised to the device to retrieve the password for the wireless network or change the configuration of the device,” it further added.
It also said that some WPS devices in the country “do not implement any kind of lockout policy for brute-force attempts, which greatly reduces the time to perform a successful attack.”
Advising the WiFi users, analysts of CERT-In said that one should disable the external registrar feature of the WPS to protect their device from virus attacks.