Push Button WiFi Flaw Just Got Worse

Category: Wireless

Back in April 2012, I reported that many WiFi Protected Setup (WPS) routers were vulnerable to brute-force hacking. Incredibly, not much has been done to address this flaw. To make matters worse, a security research team has invented a way to guess a vulnerable router’s password in as little as one second! Here's what you need to know...

Is Your Router Vulnerable?

Over two years ago, I published an article, “WPS Security Flaw – Are You Vulnerable?”, which discussed a problem with routers that have the WPS (WiFi Protected Setup) feature. WPS is designed to make it easier to install a new router and connect your wireless devices.

The WPS flaw made it relatively easy for hackers to guess the PIN number needed to access a wifi router, and allowed intruders to gain unauthorized access. Once inside, they could use your Internet connection (possibly engaging in illegal activities), change router settings, and even lock you out.

Vendors promised at the time to beef up security on future WPS-enabled routers, but some models remain vulnerable. And in fact, the problem has gotten about ten thousand times worse, according to security researchers in Switzerland.

WPS Security Flaw

The WPS standard calls for creation of an encryption key from a random “seed” number. This key is used to encrypt the router’s PIN, the passcode that users enter in order to log on to the router. But many manufacturers have been too cheap or lazy to include a simple random number generator in their firmware; they just use the system clock time, which hackers don’t even have to guess, or pull a number from a finite list of numbers that’s been leaked all over the Internet.

The effect of these shortcuts is to reduce the number of possible keys from millions to as few as 11,000. It takes hackers just four hours to try all 11,000 possibilities until they hit the correct key, instead of the years it would take when the seed is “strongly randomized.” (Computer science has yet to come up with a 100% perfect random number generator.)

Widening the Strike Zone

Does your router use WPS? If your router has a button labeled "WPS", "Push 'n Connect", or a button that looks like two arrows in a circle, those are signs that it uses WPS. Another giveaway would be a WPS PIN printed on a label on the back or bottom of the router.

Now it takes just one try, most of the time. Dominique Bongard, founder of 0xcite, a Swiss security firm, has developed a method of guessing a router’s PIN correctly on the first attempt with a high probability of success. The calculations are done offline; one attempt is made to log in to the router, and usually it succeeds!

Bongard’s technique defeats the “three strikes and you’re out” safety mechanism built into many routers (and other systems) these days: the one that prevents further attempts to log in after three successive failures in a limited period of time.

Router chipsets made by Broadcom are vulnerable to Bongard’s exploit; he says that a second chipset maker’s products are also vulnerable, but he doesn’t want to name that manufacturer until it has had a chance to fix the problem. The issue is further complicated because many router manufacturers use chipsets from Broadcom and the other unnamed vendor. So lots of router brands could be affected.

Broadcom has made no public comment on this issue, and neither has any other chipset maker. But there must be a lot of red faces behind corporate facades.

There should be a lot of firmware updates appearing on router makers’ websites very shortly, too. Search for one that matches your router and install it as soon as possible. If you don’t see an update that addresses this flaw, you may want to ask the manufacturer about it.

Until you’re certain that your router’s firmware is protected against this exploit, you should disable WPS and configure your router to ask users for a network key (also called a wifi password) instead of a WPS PIN. If you don't want to guess, just disable it and move on.

Because there are dozens of different routers, I can't give specific instructions for doing that here. But you can search online for your router's user manual, or even better: "how to disable WPS on XYZ router" (where "XYZ" is your router model). Your Internet service provider should also be able to help you do this.
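After changing the setting, it is worth confirming that the router has actually stopped advertising WPS. The following is an added example, not part of the original article: it reads wireless scan text in the layout printed by the Linux `iw` tool and reports, for your own network names, whether WPS is still advertised. The function names, SSIDs and sample scan text are constructed for illustration.

```python
import re

# Constructed sample, modeled on the text that `iw dev <iface> scan` prints.
# BSSIDs and SSIDs are made up; real output has many more fields per BSS.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tSSID: HomeNet
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:aa:bb:02(on wlan0)
\tSSID: CableTV-Router
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:aa:bb:03(on wlan0)
\tSSID: Hardened
\tRSN:\t * Version: 1
"""

def audit_wps(scan_text, my_ssids):
    """Return {ssid: status} for each of my_ssids seen in the scan text.

    "off"     - the access point advertises no WPS element
    "locked"  - WPS is advertised, AP currently reports setup locked
    "enabled" - WPS is advertised and not locked
    """
    results = {}
    # One chunk per access point; each chunk starts at a "BSS <mac>" line.
    for block in re.split(r"(?m)^(?=BSS [0-9a-fA-F:]{17})", scan_text):
        m = re.search(r"(?m)^[ \t]*SSID: (.*)$", block)
        if not m or m.group(1) not in my_ssids:
            continue
        if not re.search(r"(?m)^[ \t]*WPS:", block):
            status = "off"
        elif "AP setup locked: 0x01" in block:
            status = "locked"
        else:
            status = "enabled"
        results[m.group(1)] = status
    return results

def wps_still_on(results):
    """SSIDs that still need WPS disabled. "locked" counts too: the article
    notes that a single-attempt method is not stopped by lockout."""
    return sorted(s for s, st in results.items() if st != "off")

if __name__ == "__main__":
    report = audit_wps(SAMPLE_SCAN, {"HomeNet", "CableTV-Router", "Hardened"})
    print(report, "-> disable WPS on:", wps_still_on(report))
```

On a Linux machine, replace the sample with the saved output of `iw dev wlan0 scan` (run as root; the interface name `wlan0` is an assumption) and pass your own network names.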

Your thoughts on this topic are welcome. Post your comment or question below...

 

This article was posted by on 16 Sep 2014



Most recent comments on "Push Button WiFi Flaw Just Got Worse"

Posted by:

Mac 'n' Cheese
16 Sep 2014

Damn. Is nothing safe any more?

Next, you'll be telling us there's some guy at the post office reading my post cards.

Mac


Posted by:

Zol
16 Sep 2014

Never trusted WPS. Turned it off in the router as I was setting it up on the day I bought it. When it comes to security the best way is to do some research and learn how to configure routers manually. One button methods have been suspect since their inception. My lack of trust in them is confirmed again!


Posted by:

DB
16 Sep 2014

I have two routers. My cable access initially goes into a router that does not appear to have WPS; that is the one my computer is connected to. The second is a router for cable TV and connects from the first one. This TV router does have WPS and I don't know if I turned it on. In any case I have TV and computer hard wired and WiFi is turned off on my computer. What is my vulnerability status with this setup?

EDITOR'S NOTE: If the wifi is enabled on the second router, then it could be vulnerable. I'd advise turning off the wifi on both routers (or at a minimum, disabling WPS) if you don't need it.


Posted by:

Loneeagl
16 Sep 2014

What would you recommend we do if the router doesn't belong to us, I.E., the Cable Company? One would hope the Cable company would have addressed the issue long ago, but how do we know?

EDITOR'S NOTE: It doesn't matter who owns or rents the router. If it has WPS enabled, you should turn WPS off.


Posted by:

Humbug7
16 Sep 2014

I long ago manually configured my router to only accept specific MAC addresses (and I'm not using WPS). This usually isn't that hard to do, but you have to get the MAC address for each device to add it. It's a bit of a pain when adding some new device, but it requires anyone who wants to use MY network to ask me how to access it. I've been known to tell rude visitors who come to "visit" and then want to sit and stare at a screen that we don't have Internet access. Sorry, guess you'll just have to learn the art of conversation. ;-)


Posted by:

Byron M
17 Sep 2014

I learned very early about the WPS Pin vulnerability. I keep it disabled and create my own letter, number, symbol combination Pass Keys to connect to my WiFi. I also change it at least twice yearly. I have an indexed record of emails, sites and so many passwords/codes that it would be humanly impossible to remember them all without having them written down on paper in a book and tucked away.

I have found that if I want to really know about Internet/WiFi vulnerabilities to contact a Hacker or two. But don't use your own computer to do it :) Use a public free computer like at the library to chat with a Hacker and use an online email service just for that purpose.

Thank you Bob for the ongoing articles, information, knowledge and updates. I have garnered a great deal of my Internet and computer wisdom from your articles.


Posted by:

Don MacDonald
17 Sep 2014

I am not a very literate router user. I have a cheap one hooked to my PC that I use to download books from Amazon to my Kindle. The label on the router has WPS PIN #. I looked at my setup and it lists my security as WPA. Is that safer than WPS?


Posted by:

Thorsteinn
17 Sep 2014

WPS, did not know it at all, thanks


Posted by:

Brad S
17 Sep 2014

Not just WPS. You should also disable Remote Management and UPnP while you're at it. These can also make a router vulnerable to exploits.


Posted by:

rocketride
18 Sep 2014

Well, it's obvious now that nobody should be writing the phrase 'WiFi "Protected" Setup' without the scare quotes.


Posted by:

Egbok
21 Sep 2014

I was using a Linksys WRT110 router up until last night. After a lot of research I found out that my router is one of those that cannot disable the WPS function and as far as I can find out there is no firmware upgrade to defeat it. There is an upgrade (Tomato) that can be used on some Linksys routers but if it is used it voids the warranty. Info on WPS is very slim to none. I switched out to a Trendnet router that I had for backup and it has a disable button for the WPS.


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Push Button WiFi Flaw Just Got Worse (Posted: 16 Sep 2014)
Source: https://askbobrankin.com/push_button_wifi_flaw_just_got_worse.html