WiFi Protected Setup compromised

WiFi Protected Setup

WiFi Protected Setup was approved as a standard in 2007. Programs to compromise this technology were being used by hackers by January of 2012.

“Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. More than 200 products have been Wi-Fi CERTIFIED™ for Wi-Fi Protected Setup since the program was launched in January 2007.” – WiFi Alliance

The majority of these routers and access points were aimed at the consumer and small business markets. If your device has a push button to connect wireless devices to your network, you are vulnerable to an attack that will compromise your whole network.

Problems

In December 2011 CERT issued Vulnerability Note VU#723755. The note states that Wi-Fi Protected Setup is susceptible to attack because of a basic design flaw. According to CERT, they are “unaware of a practical solution to this problem.”

In September 2014 a security researcher, Dominique Bongard, demonstrated that WPS could also be cracked offline using a computer. This process extracts the third message from one failed access to the router. This number is used to decode the 8-digit PIN for the wireless access point. Your access point no longer needs more than one unsuccessful login to reveal its permanent secret code.

Reaver is a free software package available for download to attack this design flaw in Wi-Fi Protected Setup. Tactical Networks also has a complete kit of hardware and software available for $100 to compromise any access point or router using Wi-Fi Protected Setup.

Solution

  1. Disable the WPS feature in your access point or router.
  2. Disable the network name broadcast on your wireless router or access point.  Only the public WiFi network that you want outside users to connect with should broadcast a network name.
  3. Manually connect internal wireless devices to the private wireless network for company devices. These devices save the network name and passphrase on the initial wireless connection.
  4. Set the hours that your office wireless network is available to match your active business hours.
  5. If you must use a retail home wireless router for your business, upgrade the firmware to run one of the open source replacement firmware products from dd-wrt, Tomato, OpenWrt, or M0n0wall.

References

How to disable WPS in Netgear routers.

How to disable WPS in Belkin routers.

How to disable WPS in TP-Link routers.

How to disable WPS in Zyxel routers.

These manufacturers do not list how to disable WPS:

Linksys (Cisco), Buffalo, and Technicolor