Most routers released in recent years are at risk, due to a vulnerability discovered in the WPS (Wireless Protected Setup) feature. WPS makes it easy for people to connect their computers to their router without having to get very technical about it, but – it turns out – security was sacrificed for simplicity, as an attacker can gain full access to the network by using a brute force attack.
Millions of devices are potentially affected, and it could take a long time to fix them all. That said, the solution is simple: disable WPS.
You can disable WPS by logging into your router over the network and changing the setting.
There are many tools that are freely available to eavesdrop on network traffic, and can take advantage of this fault in WPS, and if a brute force attack is successful, intruders can connect to devices on a network, or monitor the internet traffic in hopes of learning passwords or other information.
This serious vulnerability was discussed in full detail on the latest Security Now podcast, hosted on the TWiT.tv podcast network. As soon as show notes are made available, we will link to them in this post.
WPS is often activated by pressing a button on the router, allowing Windows to quickly and easily connect to the wireless network and automatically figure out the relevant settings, requiring only a PIN and the wireless password.
If you’re unsure of how to disable WPS, refer to your router manual, or ask a tech-savvy friend or professional (such as a Nerd) to help you turn it off.
Hopefully vendor will quickly provide software upgrades to rectify the problem, and the newer products will have rectified and correct this flaw in WPS, making it safe to use again.
We're honoured to be featured in CanadianSME this month, weighing in on cybercrime - the impact of working remotely, the biggest challenges in protecting your data and the cost of data breaches. Read the report