WPS Security Flaw: Are You Vulnerable?

Wireless Router Security is Important!

Wi-Fi Protected Setup (WPS) is a wireless standard that was developed to make the setup of wireless networks easier for non-technical users. But it's recently been discovered that a flaw in WPS makes it easier for hackers to gain unauthorized access to wireless networks. Wifi routers made by Apple, Belkin, Cisco, D-Link, Linksys, Netgear and other vendors could be vulnerable to the WPS security flaw.

If you're wondering why that might be a bad thing, consider this. Supposed someone tapped into your wifi to download pirated software, music or movies. What if they used your wireless connection to traffic in child p**n? You might have a hard time convincing the authorities that it wasn't you doing those things. My article Is Your Wireless Router REALLY Secure? tells the story of the family I mentioned above.

WPS relieves the user of responsibility for creating an SSID, network key, and other configuration settings for adding a device to a wireless network. Instead, WPS does all the setup after the user enters an 8-digit PIN number that is hard-coded into the router or access point. (There are other ways to implement WPS, but the PIN Method is the vulnerable one.) The PIN is typically printed on a label stuck to the device that it accesses. Supposedly, only an authorized user would be able to read the label.

If anyone can guess your router's WPS PIN, they could access your network, read any WPA or other encryption passwords, change configuration settings, and otherwise wreak havoc.

There are 100 million possible 8-digit numbers, so it might take years for a hacker to hit upon the right PIN using brute force methods. But the design of the WPS protocol dramatically reduces the number of attempts that a hacker must make before cracking a PIN. It really takes a maximum of only 11,000 attempts to guess a WPS PIN. That can be done in just a few hours, or days at most.

How to Identify and Fix the WPS Security Flaw

The Wi-Fi Alliance, an industry association that certifies wireless technology products, says in effect, "Don't worry, we'll make sure this gaping security hole is fixed on future devices." But they haven't given any advice for users who are faced with the problem of securing wifi routers currently in use. Even worse, the Alliance's website makes no mention of the WPS security problem, and still touts the advantages of this flawed technology. These folks should be pronouncing WPS as "whoops" and doing more to educate the public.

Currently, this security hole can only be plugged by turning off WPS, if your router is using it. If your router has a button labeled "WPS", "Push 'n Connect", or a button that looks like two arrows in a circle, those are signs that it uses WPS. Another giveaway would be a WPS PIN printed on a label on the back or bottom of the router.

Instructions for disabling WPS can be found in the user manual of your particular device. If you don't have the manual, you can search online for instructions using phrases that include the brand and/or model name, such as "disable wps belkin", "turn off wps netgear n300", etc. Or you can just login to your router, poke through the Setup screens, and find the WPS settings. If your router was installed by your internet service provider, they should be able to help you determine if WPS is enabled, and how to turn it off.

But even that may not protect you! Amazingly, some routers continue to respond to WPS PINs even after WPS is supposedly disabled! Linksys products, in particular, remain stubbornly vulnerable.

After disabling WPS, make sure to implement some other security protocol to keep your wireless network safe. Don't simply hide your SSID, as some people recommend. And don't rely on MAC address filtering (a method to ensure that only specific authorized devices can connect to your network) since both of those methods can be circumvented by determined hackers. And don't use the older WEP security protocol, which has been proven to be easily crackable. The WPA or WPA2 protocols, standard in most recent routers, remain the best choice.

If all of those acronyms sound like a bunch of geekspeak to you, my related article Wireless Network Security Checklist will show you how to lock down your wireless internet connection.

Your thoughts on this topic are welcome! Post your comment or question below...