By default, wireless routers and access points have security turned off. Without Wi-Fi security enabled, anyone nearby can leech off your wireless Internet, see where you’re browsing, capture your passwords to some websites, and possibly access your PCs and files. Some models help you turn security on via a wizard during initial setup or recommend using buttons or PINs; others require you to enable it manually via the router’s Web interface.
But even with Wi-Fi Protected Access 2 (the latest security standard) enabled, hackers can exploit vulnerabilities to crack your Wi-Fi security. Here’s how to combat these weaknesses.
The most recently discovered major Wi-Fi vulnerability involves the Wi-Fi Protected Setup feature found in most Wi-Fi routers made since 2007. Though WPS doesn’t provide security itself, it’s supposed to simplify turning on the personal (PSK) mode of WPA or WPA2 security.
Networking manufacturers can incorporate two methods of using WPS to help secure and connect your Wi-Fi devices. In the PIN method–the source of the latest vulnerability–you enter the eight-digit PIN assigned to your router into Wi-Fi-equipped computers and devices that also support WPS, in order to connect them to the wireless router. The alternative is to assign a PIN to your PC or to any other Wi-Fi-equipped device that supports WPS and then enter it into your router’s Web interface in order to connect the device to the network.
Faulty underlying design of the WPS PIN method on routers makes it easier for an attacker to crack the PIN combination by brute force using software tools that repeatedly guess the PIN. Manufacturers can add enhancements to combat such attacks on their routers, but most of them haven’t yet done so.
Two existing tools–Reaver and wpscrack–can automate the cracking. Depending on the exact wireless router, these tools can usually figure out a network’s PIN and full Wi-Fi password (the WPA or WPA2 passphrase) within a few hours.
The WPS cracking process can also lock-up your wireless router, thus causing a denial-of-service attack. This can lead to major performance problems on your network and even stop it from working altogether until you reset your router.
Fixing the Vulnerability
If your router supports WPS, it’s vulnerable. Look for an eight-digit PIN printed on the bottom or a WPS logo on the router. If you don’t see either one, run a Google search for your model number, and find its product description or data sheet online. If you still have the box, examine it. If your router doesn’t support WPS, then it isn’t subject to this WPS vulnerability.
If your router does support WPS, log in to your router’s Web-based configuration panel: From a computer that is connected to your network, open your Web browser and type in your router’s IP address–a numerical string such as 192.168.0.1 or 192.168.1.1. If you don’t know your router’s IP, in Windows Vista or 7, open the Network and Sharing Center via its icon near the lower right corner of Windows. In Vista, click Manage Network Connections; in Windows 7, click Change Adapter Settings. Double-click the network connection you’re using; and in the dialog box, click Details. Finally, you’ll see the router’s IP listed as the Default Gateway.
If you can’t remember the password for logging in to the router control panel, you may not have changed it. Try the default username and password listed in the router’s documentation or online (at RouterPasswords.com). If your Internet provider supplied the router, check the hardware itself. As a last resort, press the router’s reset button to return to the factory default settings, but don’t forget to enable security afterward.
Log on and find the WPS settings; they may be in the wireless or advanced section. Save or apply any changes.
Disabling WPS–and Beyond
If your router uses WPS, consider disabling it (if possible). Unfortunately, on some routers, disabling WPS via the Web interface doesn’t turn it off completely. To double-check, try to enter the router’s PIN on a Wi-Fi-equipped computer or device that supports WPS.
If you previously used WPS to secure your network, you can find the Wi-Fi password (the WPA or WPA2 PSK passphrase) that it created in the router’s wireless settings after you log on to the interface. When you want to join more Wi-Fi computers and devices to your network, you can enter that password.
For peace of mind, the best strategy may be to buy a router that doesn’t have the WPS feature. That fact usually appears in the product description or data sheet online or on the box in stores. If you’re willing to tinker, check to see whether your router is compatible with free aftermarket firmware that doesn’t have WPS, such as DD-WRT or Tomato.
In time, manufacturers may release firmware updates to fix their routers’ WPS vulnerabilities, so search the online support section for your model. If the release notes for firmware updates from as recently as this year show WPS changes, upgrading your router’s firmware should patch the security hole.
Small businesses (and security fanatics at home) that have wireless routers featuring WPS can also consider using enterprise-level Wi-Fi security, which even consumer-level routers support. This is a more secure mode of WPA/WPA2 security, and it doesn’t use WPS, so you aren’t exposed to the vulnerability. The enterprise mode is also called the 802.1X or EAP mode, whereas the personal mode (the one vulnerable to WPS weakness) is technically called the preshared key (PSK) mode.
The enterprise mode of WPA/WPA2 security uses 802.1X authentication, which requires some sort of external authentication (or RADIUS) server. But services are available that can host such a server for you.
Session Hijacking and Password Capturing
Another major Wi-Fi security threat that has surfaced in the past few years comes from tools that allow anyone eavesdrop on wireless traffic capture passwords or other information. Tools such as the Firefox add-on Firesheep and the Android app DroidSheep make it easy for anyone on your Wi-Fi network to hijack your online accounts. As a result, if eavesdroppers run the tool as you log on to a website that isn’t secured with SSL/HTTPS encryption (for example, some social networking and email sites–look for “https” in the URL to determine whether the site is encrypted), they can then get onto your account.
People can perform only session hijacking and password capturing if they are on the same network as you or if the network isn’t secured, such as by using WPA/WPA2. It’s not something to worry about on your home network unless you don’t secure your Wi-Fi properly or you don’t trust other users. But it is something of concern for business networks. and it can be prevented with enterprise Wi-Fi security.
Weak Wi-Fi Passwords
Your WPA and WPA2 passwords are susceptible to brute-force dictionary-based cracking (basically, where hackers guess your password using software tools that repeatedly guess). If your router’s password is a word listed in the dictionary–or something close to such a word–it’s highly vulnerable to cracking. Use a long passphrase (one of at least 13 characters and as many as 63 characters) with mixed case and random letters, numbers, and other ASCII characters. A gibberish password like this one will hold up: q$3^cP&/S#z;2%D,7x)h. Or see “How to Build Better Passwords Without Losing Your Mind” for guidance on devising strong passwords that you’ll be able to remember.
For more Wi-Fi security tips, read “How to Lock Down Your Wireless Network.”