Sigh. Support only seems to get worse. I'll see what I can discover. However, I won't have much time to do anything until later in the week.
Meanwhile, if you have a Linux box, try running Reaver:
and see how it responds to WPS traffic with it enabled and then disabled in the router. Also try it before and after punching the SES button on the front. I would do this for you except that I just upgraded my Ubuntu box to 12.04 which broke most of my highly modified wireless drivers and programs. Maybe I'll try to build it on my Mac instead.
The bundled Reaver solution, Reaver Pro, could be an option for folks who don't have the time, the knowledge, or a compatible radio. The cost, $99.99, is a bitter pill, however.
Yeah... I don't like commercialized attacker tools. It's one thing to disclose vulnerabilities to improve security and generally do everyone a favor. It's another to provide a tool kit designed solely for breaking and entry.
Thanks, hard to argue with that. I was thinking that someone, somewhere, would use it to check for the vulnerability or to prove to themselves that turning it off in firmware actually disables it, but I suppose you're right.
WPS is the Wi-Fi Alliance name of the technology used to deliver the WPA/WPA2 encryption pass phrase from the router to a new wireless client securely. The idea is to make it easy to set up a new computer on a wireless network without having to type in a long and ugly WPA/WPA2 pass phrase.
SES (Linksys - Secure Easy Setup), AOSS (Buffalo - AirStation One-Touch Secure System), EZ-SETUP (Asus), and Jumpstart (Atheros, Broadcom) are implementations and individual trademarks for WPS (Wi-Fi Protected Setup). If WPS is vulnerable, they all are vulnerable (unless they fixed the problem).
I can't answer how this happened, sorry. But I can confirm that it does happen and not only with Linksys. I've seen it with EnGenius routers as well as Linksys.
Those who would give up essential security to purchase a little temporary convenience, deserve neither security nor convenience. (Apologies to Ben Franklin).
You won't find anything from Wi-Fi.org because they're not in the business of testing for security issues. They simply certify that the device complies with various specifications.
Better questions might be why router security certification organizations:
apparently don't test for this, why the major router vendors are ignoring the problem on all but their currently selling products, and why WPS can't be disabled on some routers (i.e. Netgear WNR1000)?
OK. I guess that makes sense. Too bad though. They have an FAQ, and they 'could' have mentioned it in the FAQ since any compliant device is essentially useless as a secure router if left compliant.
All good points!
Especially since any wi-fi certified device essentially has no security unless/until you manage to disable wi-fi protected setup (WPS).
That's such a shame. It looks like 'many' routers can't effectively disable WPS ... so that essentially makes those routers unsecure.
I'm curious about one oddity if I may ask about it:
Since this flaw negates all security, why isn't there a bigger push to repair this flaw?
For example, how long have you guys known about this WPS flaw that I just found out about?
Politics. If the industry doesn't admit or publicize that there's a problem, the GUM (great unwashed masses) and the media will not consider it serious. Kinda like sticking one's head in the sand. If you don't see it, it's not there.
Let's pretend that the affected manufacturers suddenly develop a conscience and decide to do the right thing. They could issue a recall for all affected products claiming that it is "unsafe" to operate. That would be amusing as everyone from Joe Sixpack to corporate America simultaneously attempts to update their firmware, or replace their router. Kinda like Y2K compressed into a few weeks. Obviously, that's not going to happen.
The same strategy of ignoring the problem was adopted by the industry with the chronic premature electrolytic capacitor failures that plague all modern electronics.
The failure rates are very high, the solutions useless, and the manufacturers are ignoring the problem. It should be listed as a national quality disaster. Ask anyone outside of the industry, and they've never heard of the "bad caps" problem. Same with the crappy soldering on large BGA chips in laptops, which has been going on for about 8 years with little improvement.
Late December 2011. I wasn't paying attention and didn't know about it until about mid April 2012.
I had trouble finding the text of the first link but the second link was: "Attack tool published for WiFi setup flaw; Cisco issues warning", which said: "In response to a public warning about design implementation flaws in Wi-Fi Protected Setup (WPS), Cisco has published a list of vulnerable products and is urging its customers to disable the feature until a software fix is ready."
So, I guess you guys knew about it all along. But I had never heard of "sixgun.org" and I doubt a lot of router owners like me know to go to sixgun.org to find out about router security.
Seems to me there should be a more general news in the technews on this. I wonder if we should email this story to others who publish USA-today-style tech news.
Any suggestions whom to email this story to so they can get the word out to your basic router owner like me?
My basic rule when it comes to stuff like firewalls is to disable "automagic" features such as WPS and uPnP. If it makes it easy for users it very likely makes it easier for bad guys.
Yes. There is a upnp hack as well. I think you only need upnp for gaming (xbox?). It should be turned off.
The linux outlaws are a good source for security bugs. Often they are just ragging on Adobe (is there a crappier software company?) for their flaws, but hardware bugs are mentioned as well. I don't recall the brand, but there is a family of wifi TV cameras that can easily be hacked due to some problem with how they configured the apache server.
Probably the worst security flaw I've seen of late is that Apple imessage. The messages go out to the wrong people. Worse yet, there is only one crypto key for every iphone/pad, so if you get a wrong message sent to you, you can easily read it.
why WPS can't be disabled on some routers (i.e. Netgear WNR1000)?
The PIN method itself can be disabled on Netgear's WNR1000v2.
See:
: Since only the Router PIN method is vulnerable to brute force attack,
: NETGEAR recommends disabling this function to best protect your
: network from invasion.
:
: To disable the Router PIN method:
: 1. Login to the router GUI by typing [formatting link] on an
:    Internet browser's address bar. Note: Default logins are: Username =
:    admin, Password = password.
: 2. Go to Advanced Setup menu and select Wireless Settings.
: 3. Under WPS settings, put a check mark on Disable Router's PIN box.
: 4. Hit Apply button to save settings.
Thanks. I'll fix it when I visit the customer on Monday or Tues. I didn't see that setting when I checked the various menus. I'll also confess to not checking the Netgear web pile. The router is V1, not V2, but that probably makes no difference.
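Added example, not part of the original thread or any poster's code: one way to confirm that a "disable WPS" or "disable router PIN" setting took effect is to check whether the router's beacon still carries the WPS information element and what it reports. The sketch below parses the tagged parameters of a captured beacon; the sample byte strings and helper names are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE, OUI 00:50:F2, type 4 = WPS
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044        # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057  # 1 = AP refuses external-registrar PIN attempts

def iter_tlv(buf, hdr):
    """Yield (type, value) pairs; hdr is the struct format of the type/length header."""
    size, off = struct.calcsize(hdr), 0
    while off + size <= len(buf):
        t, length = struct.unpack_from(hdr, buf, off)
        off += size
        if off + length > len(buf):
            break  # truncated element: stop instead of reading past the buffer
        yield t, buf[off:off + length]
        off += length

def wps_status(tagged_params):
    """Return None if no WPS IE is advertised, else its state and lock flag."""
    for eid, body in iter_tlv(tagged_params, "BB"):       # 802.11 IEs: 1-byte id/len
        if eid == 0xDD and body[:4] == WPS_OUI_TYPE:
            attrs = dict(iter_tlv(body[4:], ">HH"))       # WPS attrs: 2-byte type/len
            state = attrs.get(ATTR_WPS_STATE, b"")
            locked = attrs.get(ATTR_AP_SETUP_LOCKED, b"")
            return {"state": state[0] if state else 0,
                    "pin_locked": locked[:1] == b"\x01"}
    return None

# --- constructed sample beacons (not captured from any real router) ---
def attr(t, v):
    return struct.pack(">HH", t, len(v)) + v

def ie(eid, body):
    return bytes([eid, len(body)]) + body

SSID = ie(0, b"lab-ap")
BASE = WPS_OUI_TYPE + attr(ATTR_VERSION, b"\x10") + attr(ATTR_WPS_STATE, b"\x02")
WPS_ON = SSID + ie(0xDD, BASE)
WPS_LOCKED = SSID + ie(0xDD, BASE + attr(ATTR_AP_SETUP_LOCKED, b"\x01"))
WPS_OFF = SSID + ie(0xDD, bytes.fromhex("0050f202") + b"\x01\x01")  # other vendor IE only

if __name__ == "__main__":
    for name, beacon in [("on", WPS_ON), ("locked", WPS_LOCKED), ("off", WPS_OFF)]:
        print(name, wps_status(beacon))
```

A result of `None` after changing the setting means the router no longer advertises WPS at all; a result with `pin_locked` set means WPS is still advertised but the AP reports that it is refusing PIN attempts from external registrars.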