A researcher has discovered a security hole in WPS technology that affects millions of Wi-Fi routers around the world.
A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.
I reported this vulnerability to CERT/CC and provided them with a list of (confirmed) affected vendors. CERT/CC has assigned VU#723755 (will be released today) to this issue. To my knowledge none of the vendors have reacted and released firmware with mitigations in place.