The WPS (WiFi Protected Setup) flaw explained for the average user

By +Warwagon
in General Discussion

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

The WPS (WiFi Protected Setup) Flaw Explained v1.5

Last month a serious security flaw was discovered in WPS. WPS is built in and effects almost all consumer routers sold in the last few years. Below is explanation about what WPS is and what has been discovered that makes it so dangerous to have enabled.

Why was it created?

The Wi-Fi Protected Setup (WPS) was created to help unsophisticated users secure their wireless router and connect different devices to their wireless network with ease.

How WPS Works

Every router that supports WPS has a an eight-digit device pin printed on the back. When you try to connect a wireless laptop or wireless printer to your wireless network it will ask you for that 8 digit pin. Now 8 digits are great, because someone would have to be parked on your curb for the next 6.3 years trying to find the correct combination of all 8 digits. It takes 6.3 years because after guessing 3 wrong numbers, the router goes into a lock-down state for 60 seconds. So only 3 different 8 numbers combinations can be tried every 60 seconds, thus taking about 6.3 years.

What went wrong

They Split the 8 digits into 2 sets of 4. All that has to happen now is the first 4 have to be found first. 4 digits only have a 10,000 possible number combination. Once the first 4 numbers are found, the router proclaims "You've found the first four" giving, in essence, a checkpoint at which to save the progress before finding the last 4. So instead of having to guess an 8 digit combination, all that has to be guessed now is two 4 digit combinations and that takes considerably less time. So we've now gone from taking 6.3 years down to about 1 day. But of course in some cases it gets worse. Some routers do not even go into a lock-down state for 60 seconds after 3 failed attempts. It allows as many guess as can be thrown at it. This means someone could potentially connect and compromise your secured WiFi network in less than 1 day.

How to protect yourself

All router manufactures have to add WPS to their routers and turn it on by default in order to be certified by the Wi-Fi Alliance. So for the last few years ,every router has it built in and has it enabled by default.

Let's start by seeing if your router even has WPS. This can be done one of 2 ways. First check the front of your router for a big WPS push button. If you don't see a push button on the front of the router, look on the back of the router for a sticker that contains an 8 digit pin.

There are 3 ways you can protect yourself if your router has WPS:

1) Disable WPS via the web interface on your router. In some cases, even though you turn off WPS, the router doesn't listen. So to make sure WPS is really turned off do the following: Find a Windows 7 machine with Wi-Fi and remove your current wi-fi connected network from the machine and try to reconnect to it. If it prompts you for the WPS pin then, WPS is still enabled. If it prompts you for the WPA key then WPS has been successfully disabled.

2) Firmware update. To correct this WPS issue all together will require a firmware update to the router. It should be a really easy thing to fix so Router manufactures should be releasing router updates shortly. The fix simply requires the input of all 8 numbers not the present system of 2 sets of 4. A firmware update will also be needed if you have a router that will not disable properly.

3) Use alternative firmware like Tomato or DD-WRT. Both of these 3rd party firmware's do not have support for WPS built into them so they are not susceptible to the WPS attack. Below is a link to a Google docs spreadsheet which has been kept up to date by users of the internet as to which Routers have WPS and which routers it can be disabled and it stays off.

Experienced

Another Canuck

Posted
Posted

Here's a video for those who are interested in an in-depth look at WPS being exploited by the "Reaver" tool:

http://www.youtube.com/watch?v=Vg_Wo_1eo5c&hd=1

And the accompanying blog post: http://www.simplywifi.co/blog/2012/1/1/wps-brute-force-thoughts-and-video.html

Grand Master

+Xinok Subscriber²

Posted
  • Subscriber²
Posted

It's actually worse than that.

Since the last digit is a checksum of the previous digits,[6] there are seven unknown digits in each PIN, yielding 107 = 10,000,000 possible combinations.

Since the first half of the pin consists of four digits (10,000 possibilities) and second half has only three active digits (1000 possibilities), at most only 11,000 guesses are needed before the PIN is recovered.

Wikipedia

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

The worst part about all this is the average user. The average user barely knows what you mean by start button (now that the word start is gone), let alone how to log into the web based interface of their router and update the firmware. So once this technique of hacking routers becomes main stream, millions of users will be sitting ducks. Millions of users will not upgrade the firmware or turn off WPS in their routers.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Fastfetch 2.64 released bringing new logos and other improvements

      By binaryzero · Posted

      Sweet
    • OpenAI is rolling out a major upgrade to ChatGPT memory

      By pradeepviswav · Posted

      OpenAI is rolling out a major upgrade to ChatGPT memory by Pradeep Viswanathan OpenAI is rolling out a major upgrade to ChatGPT's memory, making the system more capable, current, and scalable across long-term use. Memory allows ChatGPT to remember useful details about users, including their preferences, projects, and constraints. Instead of starting every conversation from scratch, ChatGPT can use this context to provide more relevant responses in future chats. OpenAI first launched saved memories in February 2024. That feature allowed users to explicitly ask ChatGPT to save information into its memory, such as travel plans or writing preferences. However, this system had limits because it depended heavily on users giving clear instructions to remember something. Additionally, saved memories could become stale over time. In April 2025, OpenAI expanded memory by allowing ChatGPT to reference past chat context outside the saved memories list. This was powered by a background process called “dreaming,” which automatically curates memories from chat history. This made ChatGPT better at learning from natural conversation without requiring users to manually save every detail. Today, OpenAI announced a more capable and compute-efficient memory architecture built on top of dreaming. This new system improves ChatGPT’s ability to carry forward useful context, follow user preferences, and remain accurate as time passes. According to OpenAI’s internal evaluations, the new system improves factual recall from 67.9% in 2025 to 82.8% in 2026. Preference adherence improves from 55.3% to 71.3%, while accuracy over time improves from 52.2% to 75.1%. The best part of this new system is a new memory summary page where users can review ChatGPT's memories. Users can even update details, correct information, or give instructions on what topics ChatGPT should bring up and when. This new, improved memory system is available to ChatGPT Plus and Pro users in the US starting today. It will roll out to more countries, as well as Free and Go users, in the coming weeks.
    • Microsoft announces Surface Laptop Ultra with NVIDIA RTX Spark processor

      By matthiew · Posted

      I work for a video production company in Australia. The camera operators shoot footage and then pass the SD card over to the editors. Much easier than handing over the entire camera. Plus, on a busy day you can hand off the SD card and then pop another in for the next shoot. Or, you might have used multiple SD cards because you need the extra space for a long shoot. I also use USB cables and wifi for transferring footage, but in many cases an SD card reader is the easiest method.
    • Microsoft Edge 149.0.4022.52

      By Copernic · Posted

      Microsoft Edge 149.0.4022.52 by Razvan Serea Microsoft Edge is a super fast and secure web browser from Microsoft. It works on almost any device, including PCs, iPhones and Androids. It keeps you safe online, protects your privacy, and lets you browse the web quickly. You can even use it on all your devices and keep your browsing history and favorites synced up. Built on the same technology as Chrome, Microsoft Edge has additional built-in features like Startup boost and Sleeping tabs, which boost your browsing experience with world class performance and speed that are optimized to work best with Windows. Microsoft Edge security and privacy features such as Microsoft Defender SmartScreen, Password Monitor, InPrivate search, and Kids Mode help keep you and your loved ones protected and secure online. Microsoft Edge has features to keep both you and your family protected. Enable content filters and access activity reports with your Microsoft Family Safety account and experience a kid-friendly web with Kids Mode. The new Microsoft Edge is now compatible with your favorite extensions, so it’s easy to personalize your browsing experience. Microsoft Edge 149.0.4022.52 changelog: Migration to improved V2 architecture for Workspaces. Workspaces, introduced in Edge in 2022, allows users to create durable sets of tabs that can be saved and shared with others. In order to improve reliability and performance of this feature, the following changes are being made: Migrating data for saved Workspaces from OneDrive/SharePoint to Edge Sync service Removing the collaboration/share functionality of this feature For organizations who have disabled Sync through policy, the existing v1 Workspace data will still be migrated to the new architecture. New v2 Workspaces created after migration won't sync across devices and will remain local to each device. This update occurs on a progressive rollout beginning in Edge Stable v145 and will continue rolling out in Edge v149. For more information, see Getting started with Microsoft Edge Workspaces. Feature Updates Passkey Sync for Enterprise Users. Microsoft Edge is introducing support for passkey synchronization for enterprise users, enabling secure, passwordless authentication across devices. Passkeys created in Edge can now be synced seamlessly, improving sign-in experience while maintaining strong security standards. Note: This is a controlled feature rollout. If you don't see this change, check back as we continue the rollout. Enterprise WebView2 runtime downgrade via DowngradeVersion policy. Administrators can temporarily roll back specific applications to a previous WebView2 Evergreen Runtime version (N-1 or N-2) using the new DowngradeVersion policy in msedgewebview2.admx. The Downgrade Version policy allows enterprises to mitigate critical regressions by specifying per-application exe-to-version mappings. The Edge Updater installs the target version side-by-side, and the WebView2 Loader redirects targeted apps accordingly. Downgrades auto-expire with each new WebView2 release: apps pinned to N-1 remain on the same version (now becoming N-2) and will auto-update in the next release, while apps pinned to N-2 will revert to the current Evergreen version. The policy applies only to enterprise-managed devices (domain-joined or MDM-enrolled). For more information, see Microsoft Edge WebView2 Policy Documentation | Microsoft Learn. Collections retirement. Collections has been removed in this update. Users can no longer access or use the feature. To keep saved content, users can export it, or move all pages to Favorites before updating to Microsoft Edge Stable 149. For more information, see Organize your ideas with Collections in Microsoft Edge - Microsoft Support. Modern, unified, and updated Look and Feel. Microsoft Edge has updated the Look and Feel to give customers a unified experience across all of Microsoft AI surfaces including Copilot and Bing. This changes multiple elements of the UX such as spacing, corners, fonts, default colors, etc. Clarify choices surrounding third-party cookie settings. Language under Settings > Privacy, search, and services > Cookies are clarified to better describe the choices users have in managing third-party cookies. Custom primary password retirement. Users are no longer able to create a new custom primary password in Edge Settings edge://settings/autofill/passwords/settings. Any users who are still using a custom primary password will be automatically migrated to device authentication. Additionally, the PrimaryPasswordSetting policy will no longer support the WithCustomPrimaryPassword option. For more information, see Keep your saved passwords private in Microsoft Edge | Microsoft Support. Unifying Copilot Chat policy controls. The Microsoft365CopilotChatIconEnabled policy is the standard for configuring Copilot Chat. Previously, this behavior was controlled by blocking the Copilot extension, either explicitly or by using the * wildcard via the ExtensionSettings or ExtensionInstallBlockList policies. Extension and sidebar policies no longer affect the appearance or functionality of Copilot Chat. Copilot address bar suggestions were also tied to extension policy settings. Starting in Microsoft Edge version 149, admins can use the CopilotAddressBarSuggestionsEnabled policy to manage this behavior. Intune MAM Protected Downloads. The protected downloads feature for Intune MAM is now available for BYOD (Bring Your Own Device) devices, which aren't managed by a tenant. Policy Updates / New policies CopilotAddressBarSuggestionsEnabled - Enable Copilot address bar suggestions CpuPerformanceTierOverride - Override for the CPU performance tier DataUrlInWebWorkerOpaqueOriginEnabled - Enable opaque origins for data URLs in Web Workers DefaultLocalFontsSetting - Default Local Fonts permission setting ForceForegroundPriorityForUrls - Force foreground priority for specific URLs LocalFontsAllowedForUrls - Allow Local Fonts permission on these sites LocalFontsBlockedForUrls - Block Local Fonts permission on these sites Deprecated policies WalletDonationEnabled - Wallet Donation Enabled (deprecated) EdgeWalletEtreeEnabled - Edge Wallet E-Tree Enabled (deprecated) Additional policy changes ForceForegroundPriorityForUrls - ForceForegroundPriorityForOrigins is renamed to ForceForegroundPriorityForUrls OnSecurityEventEnterpriseConnector - Add macOS platform support ProtectedContentIdentifiersAllowed - Remove macOS platform support Download: Microsoft Edge (64-bit) | 193.0 MB (Freeware) Download: Microsoft Edge (32-bit) | 170.0 MB Download: Microsoft Edge (ARM64) | 188.0 MB View: Microsoft Edge Website | Release History Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By Eric Biran · Posted

      User: "But is it good?" Microsoft: "Well, no. But it is less bad."

  • Recent Achievements

    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular
    • Very Popular
      s0nic69 earned a badge
      Very Popular
    • Collaborator
      Asgardi earned a badge
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      471
    2. 2
      PsYcHoKiLLa
      247
    3. 3
      Skyfrog
      80
    4. 4
      FloatingFatMan
      67
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!