Wireless Routers that Use WPS Have a Built-in Flaw that Causes Them to Practically “Give Away” Passwords

Wireless Routers that Use WPS Have a Built-in Flaw that Causes Them to Practically “Give Away” Passwords

by Chris Thomas on 11 August 2014 · 2338 views

1 full Wireless Routers that Use WPS Have a Builtin Flaw that Causes Them to Practically Give Away Passwords

According to cybersecurity researcher Dominique Bongard and other internet security specialists, Wi-Fi routers that utilize Wi-Fi Protected Setup (WPS) technology aren't so “protected” after all. Ironically, these types of routers may be the easiest to hack into, as was recently demonstrated at the PasswordsCon conference in Las Vegas this past Tuesday.

WPS-enabled routers are supposed to make it easier to connect trusted devices to your home network, but as a side effect it seems they've also made it easier for hackers.

So just how vulnerable are these devices? Well, Bongard was able to trick a router into giving away its WPS Pin and password in just one try, and all he needed to know was the name and model of the router! Now, it may sound like he cheated a bit by knowing that information, but when you consider the fact that most people use one of about ten popular router brands, it's not as difficult as it should be.

So What's the Flaw?

Apparently, WPS-enabled routers use number generators that are supposed to pump out completely “random” number sequences to help encrypt and protect your password. Unfortunately, these number generators aren't so random after all, and with a bit of analytical and programming skills the right hacker can predict with fair accuracy what the generated number will be, often times in only a few tries.

Hypothetically, all a hacker needs to know is what kind of router you're using, and from there they can use algorithms and other techniques to predict rather reliably a number sequence that grants them access to your home network. Once connected, the hacker could then intercept all of the data being sent to and from your wireless router, including passwords, banking and credit card information, social networking activity, and any other information that your devices are sending across the web.

Does this Mean Your Router Can Be Hacked Into Instantaneously?

That depends on which brand and model you're using, how the router is configured, and of course, whether or not you're in close proximity to a skilled enough hacker. With that said, it is highly unlikely that someone is already using this exploit on your home network, but now that it is in the mainstream news again, it wouldn't be surprising to see aspiring hackers attempting to take advantage of this loophole in major cities around the country.

This security flaw was highlighted in the news a couple years back, but has been largely ignored by most internet users since then. The recent PasswordsCon event, a meeting of the best password crackers and hackers, has once again brought the issue to the attention of the media.

Considering the fact that most households use one of the top router brands, it wouldn't be hard for a hacker to use a program that utilizes process of elimination to find out what kind of router you're using, at which point they would also know what kind of number generator is being used to protect your password.

What's the Solution?

If you're using a router that supports WPS, it would be advisable to disable this feature immediately and switch to using WPA2-Personal or WPA2- Enterprise, both of which are recognized as the two most secure types of connections for home networks. Another measure you can take is to utilize various tools and methods to create and manage highly secure passwords.

Another way to make sure no one is hacking into your home network is to monitor network usage through your router's administration interface. This will tell you who is connected to your network and what their device's MAC address is, thereby helping you identify intruders. You could also enable MAC address filtering in your router's control panel to block or allow specific devices on your network. 

Comments (0)
Featured Articles