WPS Router Flaw
More bang for your buck
Thread Starter
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
If you're using WPS to secure your wi-fi you're very vulnerable, I've seen several articles on this:
Rest of the article with a list of routers: https://www.flashrouters.com/blog/20...tch-to-dd-wrt/
Why is WPS a problem?
It sounds simple and easy; use a PIN to connect to your wireless instead of a weird string of letters that no one remembers. The issue is how WPS has been deployed/"idiot-proofed." Unlike a router password, the PIN is something that can't usually be changed by the router's owner.
According to a paper published by Stefan Viehböck, the vulnerability with WPS comes from its easy PIN system, which may be simpler for consumers but makes the router completely vulnerable to hacking. Many router manufacturers used a simple string of numbers like 12345670 for ALL of their routers.
Edited to add: there's a more comprehensive list here
Last edited by green granite; 7th Jan 2013 at 16:31.
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Old news gg... very old news! Was covered in depth (amongst other things) in the book WiFoo (worth a read if you wish to be enlightened in the fundamentals of WiFi security, although there have been new topics since its publication so technically it's a little out of date).
Everyone should be using WPA2-PSK AES with a strong key. Still not ideal, but better than nothing.
The technically minded should be running certificate-based authentication using WPA2-Enterprise and a RADIUS server.
For step by step instructions on the latter, try here (or any of the other places Mr Google may choose to deposit you)... but as I said it's for the technically minded (very low maintenance once it's set up though); for anyone else, WPA2-PSK with a strong key.
P.S. When I say strong key on WPA2-PSK AES, I mean it. WPA2-PSK with a low strength password is pretty much the same as running an unencrypted network. And no, running your wifi network as "hidden" is NOT a security measure.
Last edited by mixture; 7th Jan 2013 at 17:19.
More bang for your buck
Thread Starter
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Mixture, I posted that on here as it has, as far as I'm aware, not been covered on here before (yes, I did do a search), and there may well be people here on PPRuNe that use the system thinking it's safe. Your condescendingly patronising style of reply was unnecessary.
Join Date: Jan 2012
Location: .
Posts: 2,173
I never did like the idea of WPS and always turned it off on all routers which fell into my hands. I always found it a PITA anyway, as adding "new" machines to a network using it seemed to reset the existing network members.
I tend to use WPA2 with at least 28 characters in the password
Mixture - is that enough?
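A way to confirm that WPS really is off after disabling it in the router's settings, as an added example that is not part of any post in this thread: the Python below parses the text printed by the Linux `iw dev <iface> scan` command and lists which of your own SSIDs still advertise WPS. The scan text is constructed sample data with whitespace simplified, and the function names and SSIDs are hypothetical.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output (not from a real network).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
    SSID: home-router
    RSN:     * Version: 1
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:aa:bb:02(on wlan0)
    SSID: wps-locked
    RSN:     * Version: 1
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
             * AP setup locked: 0x01
BSS 02:00:00:aa:bb:03(on wlan0)
    SSID: wps-off
    RSN:     * Version: 1
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)

def audit_wps(scan_text):
    """Return one dict per BSS: bssid, ssid, wps (advertised?), locked."""
    results, cur = [], None
    for line in scan_text.splitlines():
        m = BSS_RE.match(line)
        if m:  # a new access point record starts here
            cur = {"bssid": m.group(1).lower(), "ssid": "",
                   "wps": False, "locked": False}
            results.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("WPS:"):  # a WPS element is present in the beacon
            cur["wps"] = True
        elif s.startswith("* AP setup locked:"):
            value = s.split(":", 1)[1].strip().lower()
            cur["locked"] = value not in ("0", "0x00")
    return results

def needs_attention(scan_text, my_ssids):
    """SSIDs from my_ssids that still advertise WPS (locked or not)."""
    return sorted(r["ssid"] for r in audit_wps(scan_text)
                  if r["ssid"] in my_ssids and r["wps"])
```

A "locked" access point is still reported, because the lock is a temporary state rather than WPS being switched off.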
Join Date: Aug 2002
Location: Earth
Posts: 3,663
I was talking about old news in general, not old news in PPRuNe.
Even the most modest of Google searches or the most modest perusal of how-to articles outside of PPRuNe yields advice that anything other than WPA2 is not worth contemplating.
The tone of my reply was not specifically pointed at you.
Join Date: Aug 2002
Location: Earth
Posts: 3,663
I tend to use WPA2 with at least 28 characters in the password
Mixture - is that enough?
antidisestablishmentarianism, hepaticocholangiogastrostomy or spectrophotofluorometrically for example, would probably not be.
(Methionylglutaminylarginyltyrosylglutamylserylleucylphenyla lanyla
lanylglutaminylleucyllysylglutamylarginyllysylglutamylglycyl alanylph
enylalanylvalylprolylphenylalanylvalylthreonylleucylglycylas partylpr
olylglycylisoleucylglutamylglutaminylserylleucyllysylisoleuc ylasparty
lthreonylleucylisoleucylglutamylalanylglycylalanylaspartylal anylleuc
ylglutamylleucylglycylisoleucylprolylphenylalanylserylaspart ylproly
lleucylalanylaspartylglycylprolylthreonylisoleucylglutaminyl aspfragi
nylalanylthreonylleucylarginylalanylphenylalanylalanylalanyl glycylv
alylthreonylprolylalanylglutaminylcysteinylphenylalanylgluta mylmet
hionylleucylalanylleucylisoleucylarginylglutaminyllysylhisti dylproly
lthreonylisoleucylprolylisoleucylglycylleucylleucylmethionyl tyrosyla
lanylasparaginylleucylvalylphenylalanylasparaginyllysylglycy lisoleuc
ylaspartylglutamylphenylalanyltyrosylalanylglutaminylcystein ylgluta
myllysylvalylglycylvalylaspartylserylvalylleucylvalylalanyla spartyl
valylprolylvalylglutaminylglutamylserylalanylprolylphenylala nylarg
inylglutaminylalanylalanylleucylarginylhistidylasparaginylva lylal
anylprolylisoleucylphenylalanylisoleucylcysteinylprolylproly lasp
artylalanylaspartylaspartylaspartylleucylleucylarginylglutam i
nylisoleucylalanylseryltyrosylglycylarginylglycyltyrosylthre onylt
yrosylleucylleucylserylarginylalanylglycylvalylthreonylglycy lalany
lglutamylasparaginylarginylalanylalanylleucylprolylleucylasp a
raginylhistidylleucylvalylalanyllysylleucyllysylglutamyltyro sylaspar
aginylalanylalanylprolylprolylleucylglutaminylglycylphenylal anylg
lycylisoleucylserylalanylprolylaspartylglutaminylvalyllysyla lanylal
anylisoleucylaspartylalanylglycylalanylalanylglycylalanyliso leucylse
rylglycylserylalanylisoleucylvalyllysylisoleucylisoleucylglu tamylglu
taminylhistidylasparaginylisoleucylglutamylprolylglutamyllys ylmeth
ionylleucylalanylalanylleucyllysylvalylphenylalanylvalylglut aminylpr
olylmethionyllysylalanylalanylthreonylarginylserine would probably be a bit risky too ! )
Last edited by mixture; 7th Jan 2013 at 19:44.
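The point of the reply above, that 28 characters is not enough if the 28 characters are a dictionary word, as an added example that is not part of any post in this thread: the Python below checks the WPA2-PSK passphrase format (8 to 63 printable ASCII characters), gives a rough guessing-effort estimate, and generates a random 28-character passphrase. The wordlist is a constructed stand-in and the wordlist size of ten million is an assumption for illustration.

```python
import math
import secrets
import string

# Constructed stand-in for a cracking wordlist: the three 28-letter words from
# the reply above plus two common passwords. Real lists hold millions of
# entries, so the size used in the estimate is a separate, assumed number.
WORDLIST = {"antidisestablishmentarianism", "hepaticocholangiogastrostomy",
            "spectrophotofluorometrically", "password", "letmein"}
ASSUMED_WORDLIST_SIZE = 10_000_000  # assumption, for illustration only

def valid_wpa2_passphrase(p):
    """A WPA2-PSK passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(p) <= 63 and all(32 <= ord(c) <= 126 for c in p)

def charset_size(p):
    """Size of the character pool implied by the classes present in p."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in classes if any(c in chars for c in p))

def estimated_bits(p, wordlist=WORDLIST, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Rough upper bound on guessing effort, in bits.

    A passphrase that appears in a wordlist costs at most wordlist_size
    guesses however long it is. Anything else is scored as if every character
    were chosen at random, which only holds for generated passphrases.
    """
    if not valid_wpa2_passphrase(p):
        raise ValueError("not a valid WPA2-PSK passphrase")
    if p.lower() in wordlist:
        return math.log2(wordlist_size)
    return len(p) * math.log2(charset_size(p))

def generate_passphrase(length=28):
    """Random passphrase from letters and digits, drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for p in ("antidisestablishmentarianism", generate_passphrase()):
        print(len(p), valid_wpa2_passphrase(p), round(estimated_bits(p), 1))
```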
Join Date: Jan 2012
Location: .
Posts: 2,173
I always did hate polypeptides
Never seemed like real chemistry - 'twas all done by machine sequencers, not real hands on stuff. I used to make a lot of money out of the blocking agents though.....t-BOC n-CBZ f-MOC and so on
just watch out for the phosgene
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
All* joking aside, WPA2 is strong enough to require supercomputers running parallel-computing over many days in order to break it (and they still haven't). I would suggest the hum of a few Crays sat on your drive wardriving your wifi might be a little bit of a giveaway. The danger of a long password is more likely that you write it down rather than remember it, which is far more of a concern (especially if you are only protecting a home broadband connection anyway).
(* most)
Join Date: Aug 2002
Location: Earth
Posts: 3,663
WPA2 is strong enough to require supercomputers running parallel-computing over many days in order to break it (and they still haven't)
You are also reliant on correct bug-free implementations by WiFi vendors.
But overall, I agree, your average home user who probably hasn't yet mastered how to correctly update or back up their computer, probably doesn't need to concern themselves too much with the nitty gritty of WiFi security because they've got better computing things to worry about.
Last edited by mixture; 9th Jan 2013 at 14:11.
Why you shouldn't use WPS on your Wi-Fi network | Enterprise | Real World Computing | PC Pro
I'm just a mutt user who has to believe what they're told but I feel like Buridan's ass here. Doesn't green granite have a point?
Security researchers have released a tool called Reaver that can exploit this flaw, and enables anyone to crack the simpler WPS PIN and access the cleartext version of the router’s WPA2 pre-shared key (PSK), which is then revealed as a result.
Last edited by In rerum natura; 13th Jan 2013 at 00:51. Reason: Couldn't spell Buridan