|
Avoid Wi-Fi Protected SetupWireless network access points have a feature called Wi-Fi Protected Setup (WPS). The idea is to facilitate the configuration of the access point since abbreviations such as TKIP, AES, WPA2, PSK, etc. can be quite intimidating for anyone not used to network and security protocols. Security researchers have found a serious weakness in the WPS protocol.
Security researchers Stefan Viehböck and Craig Heffner has published a description of the vulnerability along with a tool to prove the existence of the weakness. Basically WPS substitutes the security of pass phrases with a PIN code. Due to the nature of WPS an attacker can guess this code very easily and obtain the configured pass phrases. The attacker only has to guess the correct code out of 11,000 codes which dramatically reduces the time for attacks.
While the options of configuring wireless security settings can be intimidating, please consider deactivating WPS and following the steps described. The alternative is to wait until vendors provide firmware updates for the wireless routers, but changing from WPS to a direct configuration can be done more quickly.
|