NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
WiFi Protected Security (WPS), not sure if it is secure !
A few days ago I got NETGEAR DGN1000 from Orange to connect to my internet. I'm also IT myself and went through all the settings to make sure everything is secure. Then I came across WPS. I read the m...
I'm not sure if NETGEAR considers this as a bug, I think they might have misunderstood the whole WPS PIN thing and designed it that way..... !?!?!? That's the impression I got from the support person on the phone. Anyway, I repeat my post that was not published for the benefit of others:
I found my Android phone has WPS facility. I used the WPS PIN option on Android and entered the PIN from the back of DGN1000 box and after the Android said "push WPS button on router" (*** that is how WPS is suppose to work ***).
However, I did not push anything on the router (physical or virtual), just clicked continue on Android. And it just connected right away !?!?!?
**** WARNING to all DGN1000 owners **** you are wide open to hackers. Here is a few things I did to try and secure it a bit:
1- Add MAC ID filtering. Though you know how easy it is to use packet sniffers to get around that
2- Don't broadcast SSID (I couldn't do this because my phones don't connect in easily with hiding SSID). Also hackers can scan and find your box anyway !
3- Select the option "Keep Wireless Settings" on the WPS page from router Admin Configuration. This means if a hacker connects to your router (using WPS PIN), it will generate a new SSID and pass key. All your devices get locked out and disconnect from the router. So you will know you are HACKED !? You can then connect via cable and change it - and start thinking about buying a new router !?
Because once they guessed your PIN (with a simple brute force attack on 8 digit PIN) they can connect at will .... !!!!? You can't change your PIN and can't disable WPS - what a joke this box is :mad:
And it is being send to all Orange broadband customers ! :confused:
I found my Android phone has WPS facility. I used the WPS PIN option on Android and entered the PIN from the back of DGN1000 box and after the Android said "push WPS button on router" (*** that is how WPS is suppose to work ***).
However, I did not push anything on the router (physical or virtual), just clicked continue on Android. And it just connected right away !?!?!?
**** WARNING to all DGN1000 owners **** you are wide open to hackers. Here is a few things I did to try and secure it a bit:
1- Add MAC ID filtering. Though you know how easy it is to use packet sniffers to get around that
2- Don't broadcast SSID (I couldn't do this because my phones don't connect in easily with hiding SSID). Also hackers can scan and find your box anyway !
3- Select the option "Keep Wireless Settings" on the WPS page from router Admin Configuration. This means if a hacker connects to your router (using WPS PIN), it will generate a new SSID and pass key. All your devices get locked out and disconnect from the router. So you will know you are HACKED !? You can then connect via cable and change it - and start thinking about buying a new router !?
Because once they guessed your PIN (with a simple brute force attack on 8 digit PIN) they can connect at will .... !!!!? You can't change your PIN and can't disable WPS - what a joke this box is :mad:
And it is being send to all Orange broadband customers ! :confused: