# Beware wifi router WPS vulnerability



## raylo32 (Nov 25, 2006)

Affects almost every current wifi router. By the spec they must have WPS and have WPS enabled by default to be "wifi certified". And most (notably Cisco/Linksys) have no way to totally disable WPS. Supposedly they are "working on it", but they have known about this flaw for a long time, so maybe not a good idea to hold one's breath.

http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix


----------



## poppameth (Oct 2, 2008)

I have Tomato firmware flashed on all my routers. No built-in WPS support.


----------



## raylo32 (Nov 25, 2006)

That or DD-WRT is about the only real solution until (if?) the mfgs develop fixes. But not many users have the skills to do this, especially the ones who would use WPS in the first place. And many routers are not supported by either.


----------



## Ironlight (Apr 13, 2011)

You can also limit who can connect to your wireless network through individual MAC (machine access code) filtering. Basically you need to add the MAC address of all authorized devices to a list in your router. If a device is not listed, the router won't let it connect to your network regardless of whether it has the correct PIN or not. This is far more secure than WPA, and virtually every wireless router supports it these days.


----------



## raylo32 (Nov 25, 2006)

MAC filtering isn't that robust these days since sniffing out MACs and spoofing is relatively easy with freely available tools. Not a bad idea though, but kind of like putting "the club" on your steering wheel. At best you only slow the bad guys down a few minutes. Better to keep them off the network altogether.





Ironlight said:


> You can also limit who can connect to your wireless network through individual MAC (machine access code) filtering. Basically you need to add the MAC address of all authorized devices to a list in your router. If a device is not listed, the router won't let it connect to your network regardless of whether it has the correct PIN or not. This is far more secure than WPA, and virtually every wireless router supports it these days.


----------



## Ravenworks (Oct 31, 2010)

raylo32 said:


> That or DD-WRT is about the only real solution until (if?) the mfgs develop fixes. But not many users have the skills to do this, especially the ones who would use WPS in the first place. And many routers are not supported by either.


Probably why Linksys/Cisco started offering their source code and now support DD-WRT. You can download it right from their website.


----------

