Turn Off WPS on Your Router

What is WPS

The WiFi Protected Setup (WPS) wireless standard was created to make it easier for non-tech people to setup encrypted Wi-Fi connections. It was adopted by most of the consumer router manufacturers (Belkin, D-Link, Cisco's Linksy), Netgear). Of course, it hasn't been vetted by a large security community like the standard protocols are. It works either by pressing buttons on both the router and the external device, or by entering an 8 digit number usually printed on a sticker on the router.

What did they do wrong?

The spec has the router sending only 4 of the 8 digits first and then responding to an incorrect query. After those four are guessed (or otherwise correct), it sends the next 4, but the last one is just a checksum. This makes it crackable by a brute force attack. There are now a few programs downloadable for free that can crack all of the certified routers in between 30 minutes and a day, without the user really knowing anything or possessing programming or cracking skill. Expect the software to improve.

What else did they do wrong?

They turned the blasted thing on whether you use it or not! The default is on. So even if you setup your network properly, this vulnerability remains. You'd think, if you setup a properly encrypted system, this would be turned off. But it isn't. Once a hacker is in, they can change your router or access point configuration. So we all need to get into our WiFi adapters and turn off the WPS.

And it gets even worse!

Many companies and routers do not give you the option to turn it off! Others (like the Cisco-Linksys), let you disable it, but leave it running anyway after reporting that it is disabled. Many routers do not limit the number of guesses allowed. I expect they will update their firmware soon.

What did the Security community do?

There are now at least three tools freely available to hack these routers. Expect more and easier to use ones to be on the way to a hacker near you soon. These tools make it easy for normal people without hacker skills, to be able to break your WiFi security.

Recommended Action

Go into your Router and disable WPS. Hope your manufacturer actually disables it when you tell it to. Disabling WPS should be added to the previous actions of disabling UnPNP and Remote administration which some routers also turn on by default.

If you have a network Adapter in your notebook or other computer that allows pushbutton WPS setup, then you should disable it in Windows using the Device manager.

Example:

For the Dlink 601 Router (and probably others as well):

Enter router Setup
Select Wireless
Select Manual Wireless setup

WPS

Uncheck the WI-FI Protected Setup and save.

The biggest problem is just finding the appropriate switch. You may need to download your router manual and search it.

There is a Google Docs Spreadsheet showing many routers and what has been used to attack them and how long it took to break in here.

Date: February 2012

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Turn Off WPS on Your Router What is WPS The WiFi Protected Setup (WPS) wireless standard was created to make it easier for non-tech people to setup encrypted Wi-Fi connections. It was adopted by most of the consumer router manufacturers (Belkin, D-Link, Cisco's Linksy), Netgear). Of course, it hasn't been vetted by a large security community like the standard protocols are. It works either by pressing buttons on both the router and the external device, or by entering an 8 digit number usually printed on a sticker on the router. What did they do wrong? The spec has the router sending only 4 of the 8 digits first and then responding to an incorrect query. After those four are guessed (or otherwise correct), it sends the next 4, but the last one is just a checksum. This makes it crackable by a brute force attack. There are now a few programs downloadable for free that can crack all of the certified routers in between 30 minutes and a day, without the user really knowing anything or possessing programming or cracking skill. Expect the software to improve. What else did they do wrong? They turned the blasted thing on whether you use it or not! The default is on. So even if you setup your network properly, this vulnerability remains. You'd think, if you setup a properly encrypted system, this would be turned off. But it isn't. Once a hacker is in, they can change your router or access point configuration. So we all need to get into our WiFi adapters and turn off the WPS. And it gets even worse! Many companies and routers do not give you the option to turn it off! Others (like the Cisco-Linksys), let you disable it, but leave it running anyway after reporting that it is disabled. Many routers do not limit the number of guesses allowed. I expect they will update their firmware soon. What did the Security community do? There are now at least three tools freely available to hack these routers. Expect more and easier to use ones to be on the way to a hacker near you soon. These tools make it easy for normal people without hacker skills, to be able to break your WiFi security. Recommended Action Go into your Router and disable WPS. Hope your manufacturer actually disables it when you tell it to. Disabling WPS should be added to the previous actions of disabling UnPNP and Remote administration which some routers also turn on by default. If you have a network Adapter in your notebook or other computer that allows pushbutton WPS setup, then you should disable it in Windows using the Device manager. Example: For the Dlink 601 Router (and probably others as well): Enter router Setup Select Wireless Select Manual Wireless setup Uncheck the WI-FI Protected Setup and save. The biggest problem is just finding the appropriate switch. You may need to download your router manual and search it. There is a Google Docs Spreadsheet showing many routers and what has been used to attack them and how long it took to break in here. Date: February 2012 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk