Wi-Fi WPS Security Flaw Exposed

I listen to a terrific podcast by Steve Gibson and Leo Laporte about digital security called Security Now. A new security scare is making the rounds that everyone with a wireless router needs to address as soon as possible. Complete details about this flaw were outlined on Security Now episode 335.

A recently discovered flaw in the execution of WPS (Wi-Fi Protected Setup) makes it relatively easy for a nearby hacker to circumvent your wireless security settings and gain access to your network. The fact is, every router that bears a seal of certification from the Wi-Fi Alliance ships with WPS enabled by default! In essence, that means that every router that has been sold in the past several years is potentially vulnerable to attack.

I am not a security expert, so I am not going to delve into the dirty details of how a router with WPS enabled can be compromised. I simply want to get the word out to everyone. Fortunately, an attack on WPS must be made within the wireless signal range of your router, so attacks in this form cannot originate from long range across the Internet.

The bottom line is that everyone should immediately visit the settings page for your router and disable WPS!

You can do an online search for this security flaw to find out more information. At the time of this writing, a reasonably good article detailing the GPS security flaw can be read at TechLogon.

It is assumed that router manufacturers will eventually update the firmware of their products to correct this flaw in WPS. That said, WPS itself is a system designed to let a novice user create a secure wireless network with little knowledge or effort. Anyone who takes computing and networking seriously would never use WPS in the first place, so I recommend that all users disable the feature and leave it disabled permanently.

While I am on the topic of Wi-Fi security, I want to add that everyone should have their wireless home network secured using WPA2 encryption with a password key that is at least 12 characters in length. Obviously, you should never use the name of your wireless network (SSID) as your security password. Personally, I use a complex 16-character password, which I think is sufficient.

Author: Craig Tisinger

Snarf!

Leave a Reply

Your email address will not be published. Required fields are marked *