One of the bigger security-related stories over the past week concerns a vulnerability in WiFi Protected Setup (WPS). WPS is designed to be an easy way for inexperienced users to set up a secure network, using methods such as inputting a PIN from your router into your computer or other device. The problem is that the PIN, which is 8 digits long, is susceptible to brute-force attacks. In fact, a free tool named Reaver can crack that PIN in just a few hours. This vulnerability exists regardless of the kind of security you’re using on your network, so even WPA2 is at risk. This means that the kid next door could get Reaver running, go off and watch a movie, and a few hours later he is in your network. The solution? Turn off WPS. Unfortunately, you can’t do this with modern Linksys routers.
Most Linksys routers have a setting to switch WPS to manual. Testing has revealed, though, that this switch doesn’t disable WPS. You only have a few solutions to secure your network if you have a vulnerable Linksys router:
- Completely disable WiFi on your network, and go with only wired connections;
- Get another (non-Linksys) router;
- Install a third-party firmware on your router, such as DD-WRT or Tomato, if your router supports it.
Other methods, such as MAC address filtering (a way to restrict access to your network to predesignated devices) or hiding your SSID, don’t really protect you: a MAC address can easily be detected and spoofed, and even an invisible SSID can be detected.
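To check whether a router still advertises WPS after you change its setting, scan from a Linux client and look for the WPS element in the access point's beacon. The parser below is an added example, not part of the original post; it assumes the text layout printed by `iw dev <iface> scan`, and the sample scan, BSSIDs and SSIDs are constructed.

```python
import re

# Constructed sample in the layout assumed for `iw dev <iface> scan` output.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tSSID: HomeNet
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:aa:bb:02(on wlan0) -- associated
\tSSID: Workshop
\tRSN:\t * Version: 1
BSS 02:00:00:aa:bb:03(on wlan0)
\tSSID: Guest
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)

def wps_report(scan_text):
    """Return one dict per BSS: bssid, ssid, wps, state, locked."""
    results, cur, in_wps = [], None, False
    for line in scan_text.splitlines():
        m = BSS_RE.match(line)
        if m:  # a new access point starts here
            cur = {"bssid": m.group(1).lower(), "ssid": "",
                   "wps": False, "state": None, "locked": False}
            results.append(cur)
            in_wps = False
            continue
        if cur is None:
            continue
        text = line.strip()
        # Top-level elements are indented by one tab; their fields by two.
        if line.startswith("\t") and not line.startswith("\t\t"):
            in_wps = text.startswith("WPS:")
            if in_wps:
                cur["wps"] = True
                text = text[len("WPS:"):].strip()
            elif text.startswith("SSID:"):
                cur["ssid"] = text[len("SSID:"):].strip()
        if in_wps:
            field = text.lstrip("* ")
            if field.startswith("Wi-Fi Protected Setup State:"):
                cur["state"] = field.split(":", 1)[1].strip()
            elif field.startswith("AP setup locked:"):
                cur["locked"] = field.split(":", 1)[1].strip() == "0x01"
    return results

def wps_advertising(scan_text):
    """SSIDs of access points whose beacons carry a WPS element."""
    return [r["ssid"] for r in wps_report(scan_text) if r["wps"]]
```

Pass the text of a real scan in place of `SAMPLE_SCAN`; the result reflects only what each access point advertises at the time of the scan.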
I have a Linksys E2000. I was going to install Tomato, as I used it on a previous router and thought it was great. Unfortunately, Tomato doesn’t have a user interface that allows you to easily set up a guest network. As a result, I installed DD-WRT onto my router. Even that required a bit of tweaking to get a guest network set up.
Do you have a Linksys router? What are you doing to secure your network?