WiFi WPS Flaw

Wi-Fi Protected Setup (WPS) was intended to be an easy and secure way of connected a device to your WiFi, although it is easy it’s nowhere near secure. With a simple program available for free and a 5 min YouTube video anyone could potentially compromise your network. WPS uses 11,000 different pin combinations to attempt to keep you safe. You can detect any router that is running WPS within seconds, personally I’ve detected close to 30 in my office location which is pretty much every router that is running around me. This is because the routers (maybe not the newest ones) have it enabled by default and unless you know about it chances are it will remain enabled after you set it up. Now if you have left WPS enabled and unlocked someone in the area could be running free software and attempting each one of the 11,000 pin numbers to connect to your device, this should take no more than 10 hours to achieve. Even by changing the password, once the hacker has obtained the pin number all they have to do is run the software again but this time supply the pin number so the new password becomes compromised in seconds. Now the user has access to your network the world is their oyster as they can do pretty much anything from listening in to your traffic, harvest all your emails, view anything that you are sharing off your computer and even potentially compromise or take over your computer completely… Fortunately most routers if not all allow you to disable WPS through the routers menu system. To figure out how to do this you can search for your router model name and disable WPS and you should get step by step instructions. Unfortunately as I found out it’s not always that simple, my Cisco router seems to have a bug in it. When I went to disable it, I would end up getting kicked of the router with a message saying my session wasn’t valid and WPS would remain on. After a lot of online reading I was left to my own devices as not even the vendor had a solution to the problem, fortunately I found out how to do it and after letting the vendor know what the problem was I received a Thank You email, a pat on the back is better than nothing. So if you do have a Cisco router and are receiving the same types of error try this, go to the wireless tab inside your menu. Click on the sub-menu wireless security and disable it, don’t forget to save your settings. This is just temporary so you don’t receive the error while trying to disable WPS. Now under the wireless tab click on the basic wireless settings sub-menu and check the radio button for Wi-Fi Protected Setup, then click on the disable radio button (wait a second or two for it to grey out) and return back to Manual mode then click save. Now you can go back to wireless security and enable the security again, that should be it. Unfortunately the only way to know for sure with this router or any other one would be to scan to confirm it doesn’t show up on the list but at this point we should assume the settings worked the way they’re supposed to… As far as Wi-Fi security goes there are other things that should be understood and considered which we cover in our home networking course, so come join us when you have some time…