Brandt Krueger

Freelance Technical Meeting and Event Production, Education, Speaking, and Consulting. Geek Dad, Husband

Consultant, Meeting and Event Technology
Owner, Event Technology Consulting
Instructor, Event Leadership Institute
Host, GatherGeeks - A Podcast by BizBash

WiFi Security Alert- "WiFi Protected Setup" Security Flaw

The Dlink DIR 601 Wireless Router: One of the millions of routers with WiFi Protected Setup This is a legitimate and serious security alert regarding WiFi access.  Apartment-dwellers, businesses in strip malls, hotels, and convention centers all should be advised.  Basically if your WiFi signal reaches to a point where someone could park for a while (less than 24 hours), you are likely vulnerable to having someone hack into your WiFi network, even if it is secured.  This could be, for example, an apartment next door, a lounge in your building, a nearby parking lot, or a car parked on the street if your signal reaches that far.

As usual, making things simple makes them less secure. There is a convenient "feature" of almost all WiFi access points built in the last few years that allows you to connect a device to your network (such as a Windows 7 computer, a cell phone, a printer, etc.) by pressing a button or clicking a dialog box and then entering a short 8 digit pin stamped on a label on the WiFi device.  This is known as "WiFi Protected Setup".

It turns out that the pin can be cracked and give a hacker access to your network in less than 24 hours (sometimes only a couple of hours) of brute force attacking because of a really stupid way that the password is sent/received between the two devices.  Once unencrypted access to your network is gained, the attacker can (at best) use your internet connection and (at worst) sit quietly and watch all of your internet traffic.

If you're comfortable configuring your wireless router, poke around in the settings and look for something called "WiFi protected setup".

THIS IS ENABLED BY DEFAULT.  If you uncheck this "feature" you should be protected from this type of attack until your manufacturer can push out an update.  Check your WiFi router's manufacturer's website frequently over the next couple months to look for an update for your device.

If you want to learn about this in great detail, I highly recommend this podcast, Security Now! with Steve Gibson and Leo Laporte:

http://twit.tv/show/security-now/335

For more general info, just search for "wifi protected setup flaw" on your search engine of choice.

Please feel free to pass this on to anyone you may know with WiFi access points in their home or office.