
WPS is NOT secure on DGN1000

Austin_
Guide

WiFi Protected Security (WPS), not sure if it is secure !

A few days ago I got NETGEAR DGN1000 from Orange to connect to my internet. I'm also IT myself and went through all the settings to make sure everything is secure. Then I came across WPS. I read the manuals and all the forums and NETGEAR website and other web info regarding this. And I just got off the phone to NETGEAR support and after half an hour none the wiser !?!

First of all I don't use or want WPS (never had or used it before), but there's no way to disable it on DGN1000 - see details below. Apparently it's designed for dummies to connect their WiFi devices (if you ask me, if someone can't type a WiFi pass key it should not be using it anyway!?). As far as I can see it seems it is a bit of a security risk, the way that I understand it - so correct me if I'm wrong.

Contrary to some people on this forum and others, WPS works in two ways as follows:

1- You push the WPS button (or virtual button from admin tool) on your NETGEAR router (AP), then within the 2 minutes press a (similar or virtual) button on your (WPS compliant) client device. That's it, hey presto, the devices are connected and paired for good. Nothing else needs doing.

People reckon the chances of someone else also pressing their button on their WPS client within that 2 minutes is minimal !!?? But wait, can a hacker write a little program to try and connect every 10 seconds to any router that has its WPS button pressed and made itself available - it's like fishing, I bet in a large neighbourhood he'll get a few connections in a week or a month ! Is this secure !? (I'm not pressing my WP non-S button for the time being! :eek:)

But it doesn't end here, wait for this:

2- Without you having to press ANY button on your NETGEAR router, as long as it is ON and the WiFi active, ANYONE can just type an 8 digit PIN (not alphanumeric, just numeric) and connect to your WiFi !!!??? Boy o boy, we have come a long way from WEP haven't we !?

This PIN cannot be changed by the user, so all NETGEAR employees and anyone in between from manufacturing to packaging to delivery knows this PIN for every serial number of NETGEAR device - before you say, if they want to of course ! (If you are one, note them down, I bet it's worth a few bob for the ones that end up in banks !!? :p)

This PIN connection mechanism (means you don't even have to press any buttons) can NOT be disabled on DGN1000. Despite having a checkbox for it in Advanced Web Settings, it's greyed out and can not be altered (I have the latest firmware by the way).

So, I guess our hacker friend can just add another piece of code to his program and try various 8 digit number combinations (these hackers must think it is Xmas every day !), I bet he will get lucky more than the "Push 'N' Connect" mechanism with this PIN system.

I just don't understand this. How could this be, the support person didn't know much about it and kept saying the PIN is encrypted, but I guess he means in communication, but that is not the point here. (I bet the encryption mechanism is already out there as all WPS devices needed to communicate with routers.)

I asked if there was a way to completely disable the WPS - of course not, why would they provide this feature, who needs it !!?? We are all dummies, right ?! :confused:

I think there must be more to it than this. This WPS is being introduced by WiFi Alliance company or something like that, and somehow approved by someone somewhere, they didn't think of these issues ! There are only a few mentions of this on the web and a few posts on this forum.

My only hope is this, in the instructions on right-side of the Advanced Web Setting, for the checkbox to "Disable router PIN" (which is normally greyed-out), it says:

"for security reasons the router might disable the PIN mechanism, you can then enable it again using this checkbox." (I think that is why it's greyed out, it only works the other way I guess.)

So I'm thinking maybe NETGEAR has built a mechanism to prevent brute-force attack by temporarily disabling this PIN - something they don't even know about themselves.... !LOL :rolleyes:

My other half solution is to set it to change the SSID and passkey on every connection (there is an option for this). This is not recommended, but if someone did manage to connect using WPS, the settings change and I will know because I won't be able to connect myself. Then I have to connect via wire and re-set it, pain but at least I'll know.

These might help, but what I really want is the way to completely get rid of this piece of **** WPS, what we have to endure for a few dummies amongst us !!! - I might be looking at another router without this, but I'm guessing this damn thing will be rolled out on every thing that plugs in the main soon. What a mess, what do you think ? Please tell me I'm not right !:(
Message 1 of 12
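
Added example, not part of the original thread and not NETGEAR code: one way to check from the outside whether your own router still advertises WPS, and whether it reports the standard "AP Setup Locked" state (the AP refusing PIN attempts from an external registrar). It parses the tagged parameters of a beacon exported from a packet capture; the sample bytes are constructed, and whether the DGN1000 ever sets this flag is not stated in the thread.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR = {0x104A: "version", 0x1044: "state",
        0x1057: "ap_setup_locked", 0x1041: "selected_registrar"}

def find_wps_ie(ies: bytes):
    """Walk 802.11 information elements (id, len, body); return the WPS body or None."""
    i = 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if eid == 221 and body[:4] == WPS_OUI_TYPE:
            return body[4:]
        i += 2 + length
    return None

def parse_wps(body: bytes) -> dict:
    """Decode WPS attributes: 2-byte type, 2-byte length (big-endian), value."""
    out, i = {}, 0
    while i + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, i)
        value = body[i + 4:i + 4 + alen]
        if len(value) < alen:
            raise ValueError("truncated WPS attribute")
        if atype in ATTR:
            out[ATTR[atype]] = int.from_bytes(value, "big")
        i += 4 + alen
    return out

def audit(ies: bytes) -> str:
    body = find_wps_ie(ies)
    if body is None:
        return "WPS not advertised"
    if parse_wps(body).get("ap_setup_locked") == 1:
        return "WPS advertised, AP setup locked"
    return "WPS advertised, AP setup NOT locked"

# Constructed beacon tags: SSID "home", then (optionally) a WPS element.
SSID = "0004686f6d65"
SAMPLE_NONE = bytes.fromhex(SSID)
SAMPLE_OPEN = bytes.fromhex(SSID + "dd0e0050f204" "104a000110" "1044000102")
SAMPLE_LOCKED = bytes.fromhex(SSID + "dd130050f204" "104a000110" "1044000102" "1057000101")

if __name__ == "__main__":
    for name in ("SAMPLE_NONE", "SAMPLE_OPEN", "SAMPLE_LOCKED"):
        print(name, "->", audit(globals()[name]))
```

A router whose WPS is really off should give "WPS not advertised"; "NOT locked" means the PIN path is being offered to any client in range.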
jmizoguchi
Virtuoso

Re: WiFi Protected Security (WPS), not sure if it is secure !

WPS only works when WPS button is pushed so it will be hard for someone from outside to engage the WPS connection

on the other hand, weak encryption key for WEP/WPA/WPA2 will be an issue

currently,

WEP - hackable
WPA-TKIP - hackable
WPA-AES - safer
WPA2-AES - safer

btw, WPS is not netgear design or new implementation.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard for easy and secure establishment of a wireless home network.


if the key bothers you, disable the PIN for WPS under advanced > wireless settings
Message 2 of 12
Austin_
Guide

Re: WiFi Protected Security (WPS), not sure if it is secure !

jmizoguchi, I'm afraid you might be wrong here. The trouble is you have posted this same reply on many threads which raised this point about WPS.

I have read the manual and spoken to the NETGEAR tech support team today on the phone. He confirmed that you do NOT need to push the button in order to connect via the PIN. There are two mechanisms as I explained above, one with button only, no need for PIN. One without button, PIN only.

Fair to say I have no WPS client to check this (I have Windows XP), but I'm looking for a program to allow me to check the WPS on XP for myself to be sure.

(This is for DGN1000 according to the manual and the tech support, I have no idea about other boxes.)
Message 3 of 12
jmizoguchi
Virtuoso

Re: WiFi Protected Security (WPS), not sure if it is secure !

ftp://downloads.netgear.com/files/DGN1000/Documentation/UM/DGN1000-UM-25Jan2011.pdf

did you read up on page 23 one PDF page?

these are all the same to all the WPS capable unit.

leave to push button will be default most of the time.
Message 4 of 12
Austin_
Guide

Re: WiFi Protected Security (WPS), not sure if it is secure !

There's nothing on page 23 about WPS, I guess you mean page 37.

On that page you can see the Push 'N' Connect method. You agree that the method 1 I described above is correct, just need pressing two buttons on client and Router/AP and it's all done (what a security nightmare, if hackers are scanning and waiting).

Now method 2 is not described in the manual, what you see in page 38 (next page) is connecting a client to AP using the "client" PIN number. This is called "AP Interface".

But note that AP has its own PIN at the back of the box. You do the reverse of what is in the manual on your WPS enabled client. That is you enter the AP PIN on the client. This is called "Client Interface"

I was told that on AP nothing needs doing when you carry out the operation on client. This is not clear, but I would like to believe you need to press the WPS button on AP, it's not mentioned anywhere though. On other boxes you go through "Client Interface" on AP - read about it in the link below. I don't see NETGEAR providing this. You then have 2 minutes to enter the AP PIN on client (see photo in link). I wonder if NETGEAR has implemented this via pushing the WPS button and done away with "Client Interface".

Please take a little time and read this, it describes both PIN operations of AP interface and Client interface (it's well worth it):

http://www.smallnetbuilder.com/wireless/wireless-features/30368-wi-fi-protected-setup-wps-need-to-kn...

Interestingly both D-Link and Belkin have options to disable WPS completely, shame about NETGEAR.
Message 5 of 12
jmizoguchi
Virtuoso

Re: WiFi Protected Security (WPS), not sure if it is secure !

I did say PDF 23 page. Lol. It was 37 page on manual page:)
Message 6 of 12
jmizoguchi
Virtuoso

Re: WiFi Protected Security (WPS), not sure if it is secure !

If you own WPS capable adapter you will see function

Now I'm on the road I have to read it later
Message 7 of 12
Daedalus01
Aspirant

Re: WiFi Protected Security (WPS), not sure if it is secure !

You can always get a wired router, and then a wireless access point from the business class. Or easier yet, if the DGN1000 supports it, implement RADIUS and then no one can get on without correct credentials. I have a FVS336gv2 with WG103s with RADIUS set up and no one can get on the WIFI without me knowing.
Message 8 of 12
Austin_
Guide

Re: WiFi Protected Security (WPS), not sure if it is secure !

I managed to do a proper WPS test using the PIN mechanism on DGN1000 on Friday and posted a comprehensive reply of my findings regarding this MAJOR SECURITY issue with this box.

But I think the moderator did not like it, so it is not yet released on this thread. Not sure if this post will !?!?

As I mentioned in my earlier posts and confirmed by testing, you do NOT need to press WPS button or do anything else on the router to connect to it, just need to enter the PIN !?! Serious bug/problem - I don't think WPS is supposed to work like that.... :mad:
Message 9 of 12
jmizoguchi
Virtuoso

Re: WiFi Protected Security (WPS), not sure if it is secure !

send your issues to support instead

support.netgear.com if there is a bug discussing here will not resolve any.

🙂
Message 10 of 12
Austin_
Guide

WPS is NOT secure on DGN1000

I'm not sure if NETGEAR considers this as a bug, I think they might have misunderstood the whole WPS PIN thing and designed it that way..... !?!?!? That's the impression I got from the support person on the phone. Anyway, I repeat my post that was not published for the benefit of others:

I found my Android phone has WPS facility. I used the WPS PIN option on Android and entered the PIN from the back of DGN1000 box and after that the Android said "push WPS button on router" (*** that is how WPS is supposed to work ***).

However, I did not push anything on the router (physical or virtual), just clicked continue on Android. And it just connected right away !?!?!?

**** WARNING to all DGN1000 owners **** you are wide open to hackers. Here are a few things I did to try and secure it a bit:

1- Add MAC ID filtering. Though you know how easy it is to use packet sniffers to get around that

2- Don't broadcast SSID (I couldn't do this because my phones don't connect in easily with hiding SSID). Also hackers can scan and find your box anyway !

3- Select the option "Keep Wireless Settings" on the WPS page from router Admin Configuration. This means if a hacker connects to your router (using WPS PIN), it will generate a new SSID and pass key. All your devices get locked out and disconnect from the router. So you will know you are HACKED !? You can then connect via cable and change it - and start thinking about buying a new router !?

Because once they guessed your PIN (with a simple brute force attack on 8 digit PIN) they can connect at will .... !!!!? You can't change your PIN and can't disable WPS - what a joke this box is :mad:

And it is being sent to all Orange broadband customers ! :confused:
Message 11 of 12
Austin_
Guide

Re: WPS is NOT secure on DGN1000

Someone can try this on other NETGEAR boxes, they all might have the same (wrong) WPS PIN implementation... !
Message 12 of 12