I have written several posts on securing a wireless router. I have even written posts that provide step-by-step detail on how to secure specific models of wireless routers. While you should enable WPA2 and use a strong passphrase, that may not be enough to keep your wireless network protected by unauthorized users.
In many routers manufactured today, there is a known issue related to a technology that has been pushed by the wireless industry to make setting up and securing a wireless network easier. Unfortunately, this new technology has also opened up a large security hole that can allow unauthorized users access to your wireless network – even if you secured your network with WP2 and a strong passphrase.
WPS – WiFi Protected Setup
When wireless networks started to become popular, many people weren’t aware of the security that needed to be implemented in order to protect their network. Most people were just used to use standard network routers where you just plugged in a computer using a network cable and everything was good to go.
Unfortunately, with wireless, security is vital. Anyone with a wireless network card that is within range of your wireless router can connect to your network. The problem is that many people don’t understand how to properly secure a wireless router. Let’s face it, many people don’t want to navigate through an array of confusing options and try to understand terms like WPA, WPA2, AES, TKIP, etc.
In 2007, the WiFi Alliance created WiFi Protected Setup (WPS) that provides an easy way for someone to configure and setup security on a wireless network. The way WPS works is a wireless router is shipped with a personal identification number (PIN) – usually 8 digits in length – that is printed on a sticker on the router. With WPS, a user can then enable encryption for the wireless network by pressing a button on the router and then entering the PIN in the network’s setup wizard.
While this sounds like a great way of connecting devices to a wireless network easily, there is one issue: is can easily be hacked. WPS was created with usability in mind and not security.
In December 2011 researcher Stefan Viehböck reported a flaw that showed brute-force attach feasible against WPS. This flaw allows unauthorized users to gain access to a wireless network.
While the PIN is an 8 digit number, the last digit is a checksum of the first 7 digits, which leaves 107 = 10,000,000 possible PIN numbers. The issue is that the router will confirm validity of the first half (4 digits = 10,000 possibilities) and the second half (3 digits = 1,000 possiblities) separately, which reduces the number of possibilities to guess to about 11,000. Since WPS doesn’t lockout after several incorrect attempts, it wouldn’t take long for a device to guess the correct PIN and gain access to the wireless network..
Protecting Your Network
The issue with WPS is that many routers may have it enabled by default – even if you have used the feature or not. This makes your wireless network vulnerable to a brute-force attack.
The only solution, at the moment, is to disable WPS from within the router’s administrative dashboard. Some routers provide an option to disable WPS, while others require a firmware update. My Linksys E4200 required a firmware update to disable WPS.
If you are unsure of whether your router provides the ability to disable WPS, you should ask the manufacturer, or use their support forums and ask other owners. You may have to update the firmware on your router, as I had to do.
While WPS provides an easy way to attach devices to your wireless network, the lack of security in such a feature, in my opinion, far outweighs the usability. I suggest you manually attach devices to your network, once the network is secured, and turn off WPS instead.