Swiss security researcher Dominique Bongard said many popular routers’ computer chips use a “random number generator” intended to safeguard your password — but it turns out those “random” numbers aren’t as random as they’re supposed to be.
Some are so poorly programmed that a hacker can easily determine the next numbers that the router will spit out. Some routers’ “random” number generators are so bad, it consistently just uses the number “0.”
To steal your Wi-Fi router’s password, all a hacker has to do is know the next number in the chain and send those to the router. The hacker also needs to know what model router you’re using, but that’s not all that tricky, given the popularity of consumer router brands.
A few keystrokes and voilà: The router gives up its own PIN code — and your Wi-Fi password. Once it gives up that passcode, hackers can join your network and steal data flowing between your devices and the router.
Bongard demonstrated his findings at the PasswordsCon cybersecurity conference in Las Vegas on Tuesday using a common home router. He said the vulnerability only affects home routers that use a security standard called WPS — which many do.
“In just one try. Bang. Got it,” said Bongard. “It’s unbelievable.”