WiFi Protected Setup was approved as a standard in 2007. Programs to compromise this technology were being used by hackers by January of 2012.
Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. More than 200 products have been Wi-Fi CERTIFIED™ for Wi-Fi Protected Setup since the program was launched in January 2007.” – WiFi Alliance
The majority of these routers and access points were aimed at the consumer and small business markets. If your device has a push button to connect wireless devices to your network you are vulnerable to an attack that will compromise your whole network.
In December 2011 CERT issued Vulnerability Note VU#723755. This states that the Wi-Fi protected setup is susceptible to attack because of a basic design flaw. According to CERT they are “unaware of a practical solution to this problem.”
In September 2014 a security researcher, Dominique Bongard, demonstrated that WPS could also be cracked offline using a computer. This process extracts the third message from one failed access to the router. This number is used to decode the 8 digit pin for the wireless access point. Your access point no longer needs more than one unsuccessful log in to reveal it’s permanent secret code.
Reaver is a free software package available for download to attack this design flaw in Wi-Fi protected setup. Tactical Networks also a a complete kit of hardware and software available for $100 to compromise any access point or router using Wi-Fi protected setup.
- Disable the WPS feature in your access point or router.
- Disable the network name broadcast on your wireless router or access point. Only the public WiFi network that you want outside users to connect with should broadcast a network name.
- Manually connect internal wireless devices to the private wireless network for company devices. These devices save the network name and passphase on the initial wireless connection.
- Setup the hours that your office wireless network is available to your active business hours.
- If you must use a retail home wireless router for your business upgrade the firmware to run one of the open source replacement firmware products from dd-wrt, Tomato, OpenWrt, or M0n0wall.
How to disable WPS in Netgear routers.
How to disable WPS in Belkin routers.
How to disable WPS in TP-Link routers.
How to disable WPS in Zyxel routers.
These manufactures do not list how to disable WPS
Linksys(Cisco), Buffalo, and Techicolor