We all knew that WEP (Wired Equivalent Privacy or Wireless Encryption Protocol) was worthless. WEP can be cracked in minutes by a knowledgeable cracker. But WEP was replaced with the WPA and then by the better WPA2 protocols. (WPA stands for Wi-Fi Protected Access.) If you have an encrypted Wi-Fi network, you use WPA2 because surely no one can crack WPA2’s 256-bit encryption key!

The world was recently made aware that it is easy, if time consuming, to crack an encrypted WPA/WPA2 Wi-Fi signal when Wi-Fi Protected Setup (WPS) is also enabled on the router.  The cracking tool is called Reaver. Setting up Reaver is a bit involved but there are published recipes  that make using it straightforward.  (Here’s the YouTube video http://www.youtube.com/watch?v=z1c1OIMbmb0,  a primer http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver, and the Reaver code repository http://code.google.com/p/reaver-wps/.)

Security and convenience rarely mix. If you want your home to be secure you lock the doors and arm an alarm system. If you want to enter a secure house, you need the key(s) and the alarm code. That is not as convenient as leaving the alarm system off and the door unlocked.

WPS is designed to make using encrypted Wi-Fi convenient. It does that but it makes your network insecure, too. Without WPS we need to know the password or passphrase to link to a secure encrypted wireless network. WPS makes that unnecessary. There are several ways WPS can work.  One way to connect a wireless device—a computer, smartphone, tablet, printer, Apple TV, Roku box, TiVo, etc.—to your router’s Wi-Fi signal is to press a couple of buttons, one on the router, the other on the device, within 120 seconds.  Another method is to press the router’s WPS button and enter the router’s eight digit PIN code into the device. The PIN code is printed on a label attached to the router.

I have never used WPS to set up a client’s or my own wireless networks. I prefer the old-fashioned method of setting up an intelligent password and then using it to link a device to the network.

Turns out that was a good practice but…

If a router is WPS certified it must have WPS turned on by default. I rarely ever turned it off on the many routers I have configured. If it is enabled it can be cracked by Reaver!

Today I use a current model Apple AirPort Extreme router as the primary routing device for my network. Fortunately, Apple does not support the push button mode of WPS on either AirPort Extreme or AirPort Express routers. Pretty much every other modern, major consumer router manufacturer does. Cisco Linksys, D-Link, Netgear, and Belkin do. Unfortunately, Cisco Linksys makes it impossible to disable WPS on most of their routers. Other manufacturers let you turn it off or make it inaccessible without direct access to the router’s control software. [Edited Friday 2012-01-13 5:53am EST]

DON’T PANIC

Douglas Adams’ advice is usually good advice. It is here.

It is unlikely that your home network Wi-Fi will be cracked using Reaver or any other tool. It takes several hours for Reaver to work its magic. The cracking device needs to be in range of the router’s Wi-Fi signal the entire time. If you know how to enter your router’s configuration console and it is not a Cisco Linksys router, I recommend disabling WPS.
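One way to confirm that disabling WPS actually took effect, shown as an added example that is not part of the original post: the script parses the text printed by `iw dev <iface> scan` on Linux and reports which of your own SSIDs still advertise WPS. The scan text and SSID names are constructed, and the field labels matched are assumed to follow iw's output format.

```python
import re

# Constructed sample, modeled on what `iw dev wlan0 scan` prints on Linux.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tfreq: 2437
\tSSID: HomeNet
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:aa:bb:02(on wlan0)
\tfreq: 2412
\tSSID: GuestNet
\tRSN:\t * Version: 1
BSS 02:00:00:aa:bb:03(on wlan0)
\tfreq: 2462
\tSSID: Garage
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
"""

def parse_scan(text):
    """Return one dict per access point: bssid, ssid, wps, locked."""
    results, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:  # a new access point entry starts here
            cur = {"bssid": m.group(1), "ssid": "", "wps": False, "locked": False}
            results.append(cur)
        elif cur is None:
            continue  # ignore anything before the first BSS line
        elif line.strip().startswith("SSID:"):
            cur["ssid"] = line.split("SSID:", 1)[1].strip()
        elif line.strip().startswith("WPS:"):
            cur["wps"] = True  # the beacon carries a WPS element
        elif "AP setup locked:" in line:
            # non-zero means the AP reports its WPS PIN setup as locked
            cur["locked"] = int(line.rsplit(":", 1)[1], 16) != 0
    return results

def wps_still_advertised(text, my_ssids):
    """SSIDs from my_ssids whose beacons still advertise WPS."""
    return sorted({b["ssid"] for b in parse_scan(text)
                   if b["wps"] and b["ssid"] in my_ssids})

if __name__ == "__main__":
    for ssid in wps_still_advertised(SAMPLE_SCAN, {"HomeNet", "GuestNet"}):
        print(f"WPS still advertised by {ssid}: recheck the router settings")
```

Run it against a fresh scan after changing the router setting; an SSID that still appears means the router kept advertising WPS despite the change.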

4 Responses to Your encrypted Wi-Fi signal is easily cracked

  1. eve11 says:

    Hi, you say above that Apple routers don’t support WPS, but there is a youtube video I found that is a tutorial for using WPS to set up a printer via Airport express?

    http://www.youtube.com/watch?v=MSWnvJFFZKs

    Can you explain what they are doing here?

  2. Richard Frisch says:

    @eve11 Turns out I was somewhat incorrect.

    Apple supports the non-button form of WPS connection. However, unless you open the AirPort Utility and go to Add Wireless Client, an AirPort Extreme or Express is not transmitting a WPS PIN that can be hacked. Since AirPort routers allow for and encourage encryption to gain access to the AirPort Utility I think I am safe.

    Thanks for letting me know. I’ve made corrections above.

  3. John Westerdale says:

    Do you have any recommendations for setting up a home wireless network to either hide the access point or to thwart a drive by attacker?

    In particular, can WDS links be made safely? Ideally, I’d have 2 wireless access points in my home, and a wireless repeater (I think that's the name of the function I am looking for) in the garage to get signal out into the back yard. Am DD-WRT fan FWIW, perhaps that brings something to the table?

    Thanks! JohnW

  4. Richard Frisch says:

    Most routers allow you to disable broadcasting the SSID. You turn this feature on or off via the router’s configuration/setup management console.

    WPS links are secure, but not very. As I wrote above, “Don’t panic.” It is highly unlikely anyone would ever invest the time and resources to break into your network via a WPS crack.

    BTW, I don’t believe that DD-WRT supports WPS so if you have a router that lets you switch the firmware to DD-WRT you will protect yourself from this security concern.

    Here’s a list of DD-WRT capable devices:
    http://www.dd-wrt.com/wiki/index.php/Supported_Devices#Supported_Devices
