A major security hole known as WiFi Protected Setup (WPS Bug) PIN brute force vulnerability (US-CERT VU#723755) has been recently found in virtually all modern Wireless Routers used in the home, resulting in a vulnerability that allows hackers to extract your WPA wireless security password in a matter of hours. Wi-Fi Protected Setup (WPS) is a protocol that allows users to press a button on their Wireless Router and connect to their computers without typing in a long cryptic password. A hole in this protocol has been recently found and exploited, allowing hackers easy access to cracking most wireless networks.
Why is this a major security problem?
- Virtually all wireless routers have this problem
- Many wireless routers (Qwest Actiontec, etc) use the same unchangeable PIN 12345670, hackable in seconds
- WPS is turn on by default to get certified by Wi-Fi Alliance
- Wireless routers do not automatically update their software to get a fix
- The number of PIN codes to test is only 11,000 instead of 100 million
- Attack software is available
The biggest issue is that virtually all wireless routers sold in the last 4 of years are hackable. The manufacturers need to update their firmware for these devices in order to fix the security breach. Virtually all wireless routers do not automatically update their firmware. As of January 16th, 2012, no manufacturers have issued updates, leaving millions of wireless networks vulnerable. Adding insult to injury, options to disable Wi-Fi Protected Setup (WPS) have been found to not do anything.
Why is getting your wireless password bad?
There are many reasons why you do not want your wireless password hacked.
- Others could use your Internet Connection Freely
- Spam or other illegal activities could be sent
- Everything you do on your network could be captured and read
- Your online banking and trading would no longer be secure
Secure your computer, web browser, Internet connection
It is important that you not only secure your wireless router but also secure all the devices connected to it. Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.
How to hack a wireless network
Reaver is a Linux based attack program that can quickly exploit the Wi-Fi Protected Setup (WPS) bug and recover a wireless network’s password. This page has links to several articles on how to install and run Reaver.
How to tell if your wireless router is vulnerable
People have been running Reaver and testing to find Reaver vulnerable routers due to the WPS Bug. This Google Docs Spreadsheet is being updated as new results come in. If you test a configuration, be sure to add it to the spreadsheet.
- Wireless routers produced starting in 2007 have Wi-Fi Protected Setup (WPS), so older ones will not be vulnerable.
- Below are the major wireless router manufacturers and status reports on updates to their firmware to fix the Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability or how to disable WPS.
Actiontec Q1000 (Qwest) – Vulnerable
Apple – Not Vulnerable
ASUS – Vulnerable - Unverified: Disable WPS by Clicking Disabled in the WPS tab after clicking “Wireless” in the left hand column
Belkin – Vulnerable – Instructions to Disable WPS
Buffalo – Not Vulnerable – Uses DD-WRT with custom PIN code
D-Link – Vulnerable - Disable WPS by Unchecking Enabled in the ADVANCED tab > WI-FI PROTECTED SETUP
Dynex – Vulnerable
Huawei – Vulnerable
Netgear – Vulnerable – Instructions to Disable WPS
Technicolor – Vulnerable - Instructions to Disable WPS
Tomson – Vulnerable
TP-Link – Vulnerable - Disable WPS by Clicking Disabled WPS after clicking “WPS” in the left hand column.
TRENDnet – Vulnerable – Disable WPS by Selecting Disabled in the WPS Config after clicking “WPS” in the left hand column under Wireless.
ZyXEL – Vulnerable
If your wireless router does not have a solution to the WPS security hole, consider using alternative 3rd party firmware (if available), which is covered below.
How to protect your wireless network from the WPS PIN Brute Force Vulnerability
If you have a vulnerable wireless router and a fix is not available, consider purchasing a new wireless router that is not affected. This Belkin Wireless N router is cheap and can be configured correctly.
Here are some methods to prevent the WPS pin vulnerability from being exploited on your wireless router.
- Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier. Use a test tool to verify that WPS really got turned off.
- Broadcast SSID – Disable this feature. This is needed for WPS to function, so this can help mitigate the problem.
- Some Older Linksys router security incorporated SecureEasySetup™ (SES), which can be disabled to increase security.
- Implement the security tips in our How to Setup a Secure Wireless Router article including utilizing timers to shut off your router when it is not needed, and repositioning the wireless router to limit coverage. Also watch for unknown wireless devices utilizing your network, by examining DHCP leases.
- Use WPA2 Enterprise security. This requires a RADIUS server, so it is for companies or sophisticated individuals.
Third Party Wireless Router Firmware to prevent WPS attack
Open Source alternatives to the software running on your wireless routers is available for some units.
- 3rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware
- Why? – Need a particular special feature. Often only for power users.
- What features would be available? – Stability, security, configurability
- Wireless Router Compatibility – Check website to see if your wireless router is supported by 3rd party firmware
- DD-WRT – Popular 3rd party replacement firmware for many wireless routers.
- OpenWRT - Another Open Source firmware for wireless routers.
- Tomato – Popular 3rd party replacement firmware for many wireless routers.
- TomatoUSB - Supports different routers than Tomato
The Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability is a major wireless security bug that affects millions of people, potentially allowing hackers to steal a lot of information. We have covered many ways to address the problem and will continue to update this article as manufacturers produce solutions.