This is going to sound like gloating, so I’m going to apologize for that right up front. A few weeks ago, I recommended you keep WPS disabled except for brief intervals for convenience. I had no specific reason in mind. Just in case. Just in case, you know, a vulnerability in WPS got discovered.
Well, one got discovered.
So, disable WPS. Wait for a patch. Apply the patch. Then disable WPS again and keep enabling it just for those few moments you need it, in case another vulnerability is discovered in the future. Yes, it’s less convenient that way, but it’s more secure. Otherwise, it’s like having a lock that can be picked with a sheet of typing paper.
Worst-case scenario, this vulnerability means someone can break your otherwise strong wireless network via WPS in about 9.6 hours. Best case, if everything goes right, is more like 1.5 hours. Either case is longer than a wardriver is willing to sit in your driveway, or longer than known wifi-hacking aeroplanes can fly, but it’s not much of a deterrent at all for, say, a freeloading neighbor. You don’t want your freeloading neighbor on your network. Sure, if he goes and downloads 4 terabytes worth of chick flicks and boy band MP3s using your network you can prove your innocence once the MPAA and RIAA come for you. But it’s a whole lot easier and cheaper to just keep that boy band-loving neighbor off your network in the first place. Besides, you don’t want any of the malware hidden in those files jumping onto your computers, do you?
One thought on “This is why you disable stuff you don’t think you need”
And an exploit is out. https://threatpost.com/en_us/blogs/attack-tool-released-wps-pin-vulnerability-122911 It can crack a wifi access point in 4-10 hours.
The developer of the tool says the same thing; the only safe thing to do right now is disable WPS.
Comments are closed.