Technology is great, especially wireless technology. RFID, NFC, Bluetooth, Wi-Fi, etc, all allow the transmission of data without the need for cables. When at the register, ready to pay, I take my phone out, enter my pin into Google Wallet, and swipe my phone on the card terminal. I just paid for my groceries without taking my wallet out and without having to sign or enter the card PIN.
I get home with my new wireless device and attempt to connect to the Wi-Fi. I no longer need to remember my wireless point’s password. I press the WPS button on the router and any device can be connected without entering a password. However, I’m not able to connect this time. In fact, my wireless point has been renamed and who knows what the password is. I reset the router, go through the setup, connect my devices. Maybe it was a fluke?
Next day, my wireless point is changed again, and my login for the router is not working. What is going on?
My neighbor may have gained access to my router. How? He doesn’t have my password. Well, as great as technology is, there are weaknesses to be aware of.
Hackers have learned a new way to gain access to wireless networks, and it involves using the WPS button on the router, and they do not need physical access. Hackers are able to use WPS by brute-force method of guessing the WPS PIN. By default, wireless routers will listen for WPS PIN in addition to the Wi-Fi password (WEP, WPA2, etc). The first generation of the WPS button allows an unlimited attempt to guess the password. Later iterations throttle repeated attempts to guess the WPS PIN.
Hackers using specific software programmed for these attacks can gain access to your network in seconds. An unprotected router will give hackers total control to your network. In order to defend yourself from these attacks follow the procedures below:
1. Update your wireless router.
Manufacturers are constantly working on fixing vulnerabilities such as the WPS one. Your manufacturer may have released an update that throttles the attacks which temporarily denies further attempts to test the WPS PIN.
2. Set a strong Administrator password on your router.
Having a strong administrator password will stop hackers from taking control of your network. This gives you time to blacklist devices if your wireless router supports such features.
3. Enable MAC authentication.
MAC authentication tells the router the devices with the particular MAC address listed in a table may connect to your network. This stops unknown devices from appearing in your network, as the router will not assign an IP address even if the device manages to authenticate.
4. Disable WPS.
Disabling WPS when not in use will prevent the attack. However, some devices may not truly disable the WPS feature still leaving you vulnerable. Enable the feature when adding a new device, and disable it after.
The same goes for other wireless communications such as Bluetooth and NFC. Always use a strong password, and disable service when not in use so that if hackers do manage to find a vulnerability, you will be less likely to be a victim. Keep devices up to date with the latest firmware/updates.