Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    688
    Thanks
    11
    Thanked 65 Times in 51 Posts

    Routers using WPS are intrinsically unsafe




    TOP STORY

    Routers using WPS are intrinsically unsafe


    By Fred Langa

    Simple hacker tools can easily sniff out Wi-Fi passwords from routers that have Wi-Fi Protected Setup enabled — quite possibly yours included.
    Here's how to protect your network — and even hack your own router to see whether it's vulnerable.

    The full text of this column is posted at windowssecrets.com/top-story/routers-using-wps-are-intrinsically-unsafe (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    New Lounger
    Join Date
    Sep 2011
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    WPS ans wireless on routers

    What you did not cover in your article is those of us who have routers without wireless. We use wireless access points plugged into the router. Do we need to be worried?

  4. #3
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by pjohnston View Post
    What you did not cover in your article is those of us who have routers without wireless. We use wireless access points plugged into the router. Do we need to be worried?
    Wired routers do not broadcast anything. There is no WPS that I know of for these devices, but if there were, a direct connection to the router would be required, or else the old USB Stick trick. Neither of which can be detected from outside the connection, let alone hacked. Wired connections are inherently safe from outside hacking of this sort.

    Configuration of a wired connection is actually much easier than for a wireless access point. The whole area of wired connections is far older and more mature than wireless. Almost any computer with a NIC connects almost automatically and without user intervention of any kind (except a strong password which should be added for your protection). And to absolutely disconnect, you just pull the plug at either end of the connection. Very safe, and potentially very fast. The one drawback is lack of ability to move the computer anywhere you want to within the router's range. Which with Wireless-N can be up to a quarter-mile.
    Last edited by bobprimak; 2012-12-13 at 02:42.
    -- Bob Primak --

  5. #4
    New Lounger
    Join Date
    Sep 2011
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks Bob. So as I understand your response having wireless access points rather than wireless on the router is a quick and effective way around WPS problems mentioned in the article. Each wireless access point has its own SSID. Thank you and Happy Christmas. Paul

  6. #5
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by pjohnston View Post
    Thanks Bob. So as I understand your response having wireless access points rather than wireless on the router is a quick and effective way around WPS problems mentioned in the article. Each wireless access point has its own SSID. Thank you and Happy Christmas. Paul
    As long as instant mobility is not an issue, I'd go with wired every time if the wiring runs aren't too long.

    And a Happy Christmas to you as well!
    -- Bob Primak --

  7. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Billericay, Essex, England
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Fred, great article and certainly something to check. Just one point though - you say that the only way to check if WPS is truly disabled is to run Reaver and try to hack it yourself. Surely if you know the WPS code, this isn't necessary - just try attaching a device using the code and see if it works?

  8. #7
    New Lounger
    Join Date
    Dec 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There is another option, instead of throwing away your router, and that is to install DD-WRT on it (provided that your router is supported by it). I believe that DD-WRT does not support WPS at all, so it will ignore any WPS requests.

  9. #8
    New Lounger
    Join Date
    Dec 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There is an extra level of confusion for those whose ISPs provide the router. My U-verse connection is a big black box from AT&T that combines the router with the VOIP box with whatever it takes to feed their TV system. And of course they don't encourage anyone to mess around with any settings, or provide much in the way of instructions. The only good news is that the PIN is ten digits.

  10. #9
    New Lounger
    Join Date
    Dec 2012
    Posts
    21
    Thanks
    2
    Thanked 1 Time in 1 Post
    In the story, you refer to a TechNet article "Non-broadcast wireless networks with Microsoft Windows." That article states that Microsoft does not recommend disabling SSID, especially when using Windows XP.
    I have the same U-Verse system as RHinCT (above).

  11. #10
    New Lounger
    Join Date
    Dec 2012
    Posts
    1
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I use the Cisco/Linksys router that was used in this article and after reading the article and the threads here I saw no mention of the MAC Filtering option. I ignore WPS all together and enable MAC Device filtering. Supposedly using this option limits your router access connections only to the MAC addresses that you manually enter. If there is a way to hack this method please let me know!

    Router.jpg

  12. #11
    New Lounger
    Join Date
    Dec 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the good article about wireless routers, Fred. I just purchased a TrendNet TEW-731BR wireless unit last week. It uses WPA2 authentication, PSK and AES. Just wondering if it is vulnerable to the same security issues discussed in the article.
    Last edited by allenRM; 2012-12-13 at 11:28. Reason: make correction in post.

  13. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,208
    Thanks
    129
    Thanked 1,145 Times in 1,054 Posts
    Quote Originally Posted by owldo View Post
    If there is a way to hack this method please let me know!

    Router.jpg
    Check this article from 2005(!):
    http://www.zdnet.com/blog/ou/the-six...ireless-lan/43

  14. The Following 2 Users Say Thank You to ruirib For This Useful Post:

    GSAugustas (2012-12-13),owldo (2012-12-13)

  15. #13
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    859
    Thanks
    12
    Thanked 3 Times in 3 Posts
    However, Reaver is Linux-based software and, as such, might be unfamiliar to Windows users. So in the next issue of Windows Secrets, I'll present a complete, illustrated, step-by-step article on how to test-hack your router, using Reaver. Stay tuned!
    ---------------
    Meanwhile, the hackers have another week to access your possibly compromised network.

  16. #14
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,208
    Thanks
    129
    Thanked 1,145 Times in 1,054 Posts
    Quote Originally Posted by ibe98765 View Post
    However, Reaver is Linux-based software and, as such, might be unfamiliar to Windows users. So in the next issue of Windows Secrets, I'll present a complete, illustrated, step-by-step article on how to test-hack your router, using Reaver. Stay tuned!
    ---------------
    Meanwhile, the hackers have another week to access your possibly compromised network.
    Of course, that will be Fred's fault.

  17. #15
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,139
    Thanks
    202
    Thanked 206 Times in 198 Posts
    Quote Originally Posted by pjohnston View Post
    Thanks Bob. So as I understand your response having wireless access points rather than wireless on the router is a quick and effective way around WPS problems mentioned in the article. Each wireless access point has its own SSID. Thank you and Happy Christmas. Paul
    The wired part of the router is secure; the wireless access points, however, cause you to be vulnerable as Fred described.

    Your setup is like a wireless router with the wireless part separate from the router itself. So you will need to follow Fred's steps for each wireless access point.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •