I’ve written here before about the importance of properly securing your home wireless network. Now comes word that a potential security flaw exists on newer wireless routers even if they have been properly secured and administered.
The flaw is in a relatively new feature called Wi-Fi Protected Setup, or WPS. This feature simplifies the process of connecting wireless clients by letting them join with a short PIN code instead of the normal shared key or passphrase.
Setting up a wireless network can be a complicated and tedious process, and obviously anything that simplifies this for home users is a good thing. However, a security researcher has discovered a design defect in the WPS protocol that makes it possible for an intruder to penetrate a wireless network using a brute force approach.
This article from c|net explains the whole issue, if you would like to read the details.
The flaw is reported to affect router hardware from Buffalo, D-Link, Cisco, Linksys, Netgear, Technicolor, TP-Link, and ZyXEL – pretty much all the major vendors. The recommended solution is to disable your router’s WPS function entirely. Different manufacturers have alternative names for WPS. Buffalo calls it AOSS, and Cisco/Linksys refers to it as SES.
WPS is only useful when you are actually connecting a new device. Otherwise, it’s unnecessary. But if your router is configured to leave WPS active all the time, it’s a very good idea to disable the feature. The likelihood of an attack is somewhat remote on a home network, but there’s no reason to leave a weakness like this open if it’s easily addressed.