Administration
Support
Security
Installation
Information
About us
Contact
Services
Partners
agent°ex
Attingo Datenrettung
Crowes Agency OG
FOO
nets.at
- RSS English -
- RSS Deutsch -

Avoid Wi-Fi Protected Setup

Wireless network access points have a feature called Wi-Fi Protected Setup (WPS). The idea is to facilitate the configuration of the access point since abbreviations such as TKIP, AES, WPA2, PSK, etc. can be quite intimidating for anyone not used to network and security protocols. Security researchers have found a serious weakness in the WPS protocol.

Security researchers Stefan Viehböck and Craig Heffner has published a description of the vulnerability along with a tool to prove the existence of the weakness. Basically WPS substitutes the security of pass phrases with a PIN code. Due to the nature of WPS an attacker can guess this code very easily and obtain the configured pass phrases. The attacker only has to guess the correct code out of 11,000 codes which dramatically reduces the time for attacks.
If you have used WPS, please consider deactivating it. Pick a random string for your pass phrase (at least 16 characters, 63 is the maximum supported). We recommend 63 characters. You can create QR codes for entering this code when using mobile devices such as smart phones. Use the security setting WPA2 with a fixed pass phrase (PSK) and select AES encryption (sometimes abbreviated CCMP, most modern devices support AES, so TKIP is not needed any more). To sum everything up into a couple of steps.

  • Pick a random string for your pass phrase (16+ characters, 63 maximum)
  • Select WPA2.
  • Select AES/CCMP.
  • Enjoy.

While the options of configuring wireless security settings can be intimidating, please consider deactivating WPS and following the steps described. The alternative is to wait until vendors provide firmware updates for the wireless routers, but changing from WPS to a direct configuration can be done more quickly.