Why was WPS not patched to make it secure?

Ask the WiFi Alliance.

It's probably the same reason the glaringly-obvious security hole was put in there in the first place. The people making decisions for WPS standard apparently do not care about security (or are mindbogglingly incompetent). Any freshman CS student giving it the least bit of thought will know its a mistake to check whether half of a password works and differentiate between which half failed in your response as described in your standard (so you don't even need to do a timing attack to differentiate the two cases). The only reason it was not immediately obvious to everyone when WPS-enabled routers first came out is that the standard documenting how WPS works is not free ($100) if you aren't a member (and membership costs a company $15k/year).

Granted, I believe many (most?) hardware manufacturers tried to patch WPS by just rate-limiting the number of bad attempts per second -- granted rate-limiting doesn't help much when you only need at most 11000 attempts to break a WPS pin (on average half of that). At the same time, presumably legitimate users may want to use this WPS feature, so they probably can't rate limit too severely and you can possibly get around the rate-limit by frequently changing your MAC address. WPS was a bad idea which became much worse with their actual severely flawed implementation.

Tags:

Wps