What is WPS?
The WPS standard requires a PIN to be used during the router setup phase, one that is often printed on the wireless router or access point.
Why is WPS a problem?
It sounds simple and easy: use a PIN to connect to your wireless instead of a weird string of letters that no one remembers. The issue is how WPS has been deployed/“idiot-proofed.” Unlike a router password, the PIN is something that can’t usually be changed by the router’s owner.
According to a paper published by Stefan Viehböck, the vulnerability in WPS comes from its easy PIN system, which may be simpler for consumers but makes the router completely vulnerable to hacking. Many router manufacturers used a simple string of numbers like 12345670 for ALL of their routers.
To make the problem worse, many WPS-ready wireless routers don’t offer a lockout feature, meaning attackers can continue to attempt to connect at their leisure without any preventative measures being taken by your equipment. So even if you know someone is improperly accessing your network and doing something unsavory, the only way to stop it is to not use the router.
According to Threatpost, it gets worse:
The US-CERT is warning about a vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router’s setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points.
A brute-force attack means that someone uses a program or script to continually badger your router with passwords, based on the type of security the router has, until it finds the right one.
So basically the router manufacturers/networking companies made products with the world’s worst password, a terrible defense protocol, and on top of that, you aren’t able to change the terrible password. How awesome is that?!?
A List of Routers with WPS Defects
Here’s a list of major router models and manufacturers and whether they are affected by this WPS Wi-Fi Alliance issue (via SafeGadget.com):
- Actiontec Q1000 (Qwest) – Vulnerable
- Apple – Not Vulnerable
- ASUS – Vulnerable – Unverified: Disable WPS by Clicking Disabled in the WPS tab after clicking “Wireless” in the left-hand column
- Belkin – Vulnerable
- Buffalo – Not Vulnerable – Uses DD-WRT with custom PIN code
- Dynex – Vulnerable
- Huawei – Vulnerable
- Netgear – Vulnerable – Instructions to Disable WPS.
- Technicolor – Vulnerable – Instructions to Disable WPS.
- Thomson – Vulnerable
- TP-Link – Vulnerable – Disable WPS by Clicking Disabled WPS after clicking “WPS” in the left-hand column.
- TRENDnet – Vulnerable – Disable WPS by Selecting Disabled in the WPS Config after clicking “WPS” in the left-hand column under Wireless.
- ZyXEL – Vulnerable
There is also a publicly shared Google Docs spreadsheet that lists user testing of specific routers and models.
Cisco Knowledge Base has a list of their routers that have firmware updates that are supposed to fix the WPS issue. We have not tested these “fixes” as we use alternative firmware to solve this flaw.
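To confirm that a Disabled setting or a firmware update really turned WPS off, check whether your own access point still advertises WPS in its beacons. The script below is an added example, not part of the original article or of SafeGadget's list; it parses text in the format printed by the Linux `iw dev <interface> scan` command, and the sample scan, the BSSIDs, the interface name wlan0 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of `iw dev wlan0 scan` (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-2g
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: home-5g
\tRSN:\t * Version: 1
BSS 02:00:00:00:00:99(on wlan0)
\tSSID: neighbour
\tWPS:\t * Version: 1.0
\t\t * AP setup locked: 0x01
"""

BSS_LINE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def audit_wps(scan_text, my_bssids):
    """Report WPS state for the access points you own, ignoring all others."""
    wanted = {b.lower() for b in my_bssids}
    report, current = {}, None
    for line in scan_text.splitlines():
        match = BSS_LINE.match(line)
        if match:
            bssid = match.group(1).lower()
            current = None
            if bssid in wanted:
                current = report[bssid] = {"ssid": None, "wps": False, "locked": False}
            continue
        if current is None:
            continue  # line belongs to a network that is not ours
        field = line.strip()
        if field.startswith("SSID:"):
            current["ssid"] = field[len("SSID:"):].strip()
        elif field.startswith("WPS:"):
            current["wps"] = True  # beacon still carries the WPS element
        elif "AP setup locked:" in field:
            current["locked"] = not field.endswith("0x00")
    return report

def still_advertising(report):
    """BSSIDs that need another look: WPS is still announced after the change."""
    return sorted(b for b, info in report.items() if info["wps"])

if __name__ == "__main__":
    mine = ["02:00:00:00:00:01", "02:00:00:00:00:02"]
    for bssid in still_advertising(audit_wps(SAMPLE_SCAN, mine)):
        print(f"{bssid}: WPS still advertised, recheck the router's WPS setting")
```

For a live check, pass the text output of a scan from your own machine in place of SAMPLE_SCAN and list the BSSIDs printed on your router's label.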
What can you do to solve the WPS issue?
Through early 2012, many manufacturers had not released firmware updates to protect users from this huge flaw. Even where they did, the average user does not know that they can update their router’s firmware, or where to start when trying to do it themselves.
One solution if you fear the WPS vulnerabilities in these easy-to-crack routers is upgrading to DD-WRT. You can check if you have a DD-WRT capable model here but please make sure to match the model number before flashing and follow the instructions specific to your model. Note: We cannot be held responsible if a user tries to secure their network and ends up bricking their router, which happens frequently.
An even safer solution is to buy a router with DD-WRT already loaded onto it. Popular models include the latest high-end Linksys model, the WRT3200ACM DD-WRT, which has all the bells and whistles and, when it arrives with DD-WRT, has additional safety and security measures built in to prevent network cracking and the onslaught of brute-force attacks.
While no solution is foolproof, having WPA as an available option can make you feel a little safer about your DD-WRT network.