US-CERT warns of a flaws in WIFI Protected Setup (WPS) standard. Those design weaknesses allows attacker to launch brute-force attack and obtain router’s PIN number.
„When the PIN authentication fails, the access point will send [a message] back to the client. The...messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN“ - US-CERT states.
Users should turn off WPS.

Source: SC Magazine
29.12.2011