Swiss security researcher Dominique Bongard discovered that many popular routers’ use a “random number generator” intended to safeguard your password but it turns out those “random” numbers aren’t as random as they’re supposed to be.
Some are so poorly programmed that a hacker can easily determine the next numbers that the router will spit out. Some routers’ “random” number generators are so bad, it consistently just uses the number “0.”
To steal your Wi-Fi router’s password, all a hacker has to do is know the next number in the chain and send those to the router. The hacker also needs to know what model router you’re using, but that’s not all that tricky, given the popularity of consumer router brands and the number of default SSIDs.
Bongard said in the Passwordscon presentation that users should disable WPS until the outstanding problems are fixed. He also advised fellow researchers to check other access points for use of flawed pseudo random number generators.