Updated January 2014 to cover a new TCP 32764 Wireless router Vulnerability.
A major security hole known as WiFi Protected Setup (WPS Bug) PIN brute force vulnerability (US-CERT VU#723755) has been recently found in virtually all modern Wireless Routers used in the home, resulting in a vulnerability that allows hackers to extract your WPA wireless security password in a matter of hours. Wi-Fi Protected Setup (WPS) is a protocol that allows users to press a button on their Wireless Router and connect to their computers without typing in a long cryptic password. A hole in this protocol has been recently found and exploited, allowing hackers easy access to cracking most wireless networks.
Why is this a major security problem?
- Virtually all wireless routers have this problem
- Many wireless routers (Qwest Actiontec, etc) use the same unchangeable PIN 12345670, hackable in seconds
- WPS is turn on by default to get certified by Wi-Fi Alliance
- Wireless routers do not automatically update their software to get a fix
- The number of PIN codes to test is only 11,000 instead of 100 million
- Attack software is available
The biggest issue is that virtually all wireless routers sold in the last 4 of years are hackable. The manufacturers need to update their firmware for these devices in order to fix the security breach. Virtually all wireless routers do not automatically update their firmware. As of January 16th, 2012, no manufacturers have issued updates, leaving millions of wireless networks vulnerable. Adding insult to injury, options to disable Wi-Fi Protected Setup (WPS) have been found to not do anything.
Why is getting your wireless password bad?
There are many reasons why you do not want your wireless password hacked.
- Others could use your Internet Connection Freely
- Spam or other illegal activities could be sent
- Everything you do on your network could be captured and read
- Your online banking and trading would no longer be secure