If the vulnerability in WPS that I linked and talked about this week wasn’t bad enough, some of the commenters at the always excellent Hackaday found something terrible.

Many vendors use a predictable number as the WPS PIN, and don’t even bother to make it unique on a router-by-router basis. So much for it taking a couple of hours to get into a network. Since some vendors set the PIN to something like 123456789 or 123456780 (how clever), the vulnerability may not even be necessary to get in. Just try some of the known numbers, and chances are you can be on somebody’s network in a matter of minutes.

So here’s your homework. Disable WPS on your router. If the PIN is something stupidly obvious, change it if you can. Change it to a meaningless number of course. If you can’t disable WPS and/or if your vendor uses a really bad PIN and it can’t be changed, see if your router is capable of running DD-WRT, Tomato, Open WRT, or some other similar open-source, third-party firmware. Such firmware is more likely to allow you to disable WPS and is much more likely to address this major vulnerability in a timely fashion, seeing as most of the vendors really don’t seem to care. A quick search suggests that WPS is broken under Open WRT on some routers, which suddenly looks like an unintended benefit to me.
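For the "meaningless number" step, here is an added example (not part of the original post) that flags a PIN made of one simple counting or repeating run and generates a random replacement. It assumes the 8-digit PIN format and check-digit rule from the WPS specification, which the post does not describe; the function names are hypothetical.

```python
import secrets

def wps_checksum(body7: str) -> int:
    """Check digit for a 7-digit PIN body (weights 3,1,3,1,3,1,3 per the WPS spec)."""
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(body7))
    return (10 - total % 10) % 10

def checksum_ok(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the check digit."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == int(pin[7])

def longest_run(digits: str) -> int:
    """Longest stretch that repeats one digit or counts up/down by one (mod 10)."""
    best = run = 1
    prev_step = None
    for a, b in zip(digits, digits[1:]):
        step = (int(b) - int(a)) % 10
        if step in (0, 1, 9):            # same digit, +1, or -1 (9 == -1 mod 10)
            run = run + 1 if step == prev_step else 2
        else:
            run = 1
        prev_step = step
        best = max(best, run)
    return best

def is_obvious(pin: str) -> bool:
    """Heuristic: all but at most one digit belong to a single simple run."""
    if not pin.isdigit():
        raise ValueError("PIN must contain digits only")
    return longest_run(pin) >= len(pin) - 1

def new_pin() -> str:
    """Random 8-digit PIN with a valid check digit, rejecting obvious patterns."""
    while True:
        body = f"{secrets.randbelow(10**7):07d}"   # CSPRNG, not random.random()
        pin = body + str(wps_checksum(body))
        if not is_obvious(pin):
            return pin

if __name__ == "__main__":
    # The two PINs quoted in the post, plus one constructed sample value.
    for sample in ("123456789", "123456780", "48130929"):
        print(sample, "obvious" if is_obvious(sample) else "not obvious")
    print("replacement:", new_pin())
```

The heuristic only catches single runs; a PIN that passes it is not thereby strong, and disabling WPS remains the better fix.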

This is why openness is good, and black boxes are bad. Very bad. And why locking down firmware so it can’t be changed is shortsighted. Openness means that when a vendor can’t be bothered to fix a problem, somebody else can.