Got a WPS Enabled Router? Consider Disabling it or Risk DoS

WPS stands for wi-fi protected set-up. It’s supposed to make it easier for non-tech savvy people to authenticate devices on to a wireless network by pressing a physical button on the router or entering a PIN in to a device to make it known to the network.

The problem with WPS is quite a big one. There are many fundamental flaws in the WPS model – I won’t go through these in this article but a simple Google search will expose these many vulnerabilities in WPS – one which I discovered by accident today is a relatively (scarily) easy denial of service on an end-users network.

The denial of service can effectively take out the end-users entire network including access to the gateway’s interface. This leaves the user with no option but to physically reboot the router wondering what the hell just went on.

I discovered this today as I was auditing my own wireless network. Running reaver for a few seconds against my Sky Router took out the gateway interface (probably overloading the WPS service running on the router). Leaving it running for a few minutes completely took out my internet connection leaving me no alternative but to physically reboot the router.

The most worrying aspect of this is that an attacker only needs to see your wireless network – an attacker does not need to be connected physically or wirelessly to your network for this to happen to you – someone sitting in their car outside your house can launch this attack within minutes and you won’t even know it – yes, WPS is that vulnerable to a denial of service. Not only that but on most routers, WPS is enabled by default!

Now I have only tried this against my own Sky router (I’m not going to run it against anyone else’s before you ask!) but I suspect other routers are susceptible to a similar type of denial of service therefore I strongly recommend you disable WPS on your routers – I mean, who even uses WPS anyway?