{"id":617,"date":"2012-11-25T21:21:11","date_gmt":"2012-11-25T21:21:11","guid":{"rendered":"http:\/\/emtunc.org\/blog\/?p=617"},"modified":"2013-06-15T13:07:27","modified_gmt":"2013-06-15T12:07:27","slug":"got-a-wps-enabled-router-consider-disabling-it-or-risk-dos","status":"publish","type":"post","link":"https:\/\/emtunc.org\/blog\/11\/2012\/got-a-wps-enabled-router-consider-disabling-it-or-risk-dos\/","title":{"rendered":"Got a WPS Enabled Router? Consider Disabling it or Risk DoS"},"content":{"rendered":"<p>WPS stands for Wi-Fi Protected Setup. It&#8217;s supposed to make it easier for non-tech-savvy people to authenticate devices onto a wireless network by pressing a physical button on the router or entering a PIN into a device to make it known to the network.<\/p>\n<p>The problem with WPS is quite a big one. There are many fundamental flaws in the WPS model. I won&#8217;t go through them in this article, but a simple Google search will turn up the many vulnerabilities in WPS. One, which I discovered by accident today, is a relatively (scarily) easy denial of service on an end user&#8217;s network.<\/p>\n<p>The denial of service can effectively take out the end user&#8217;s entire network, including access to the gateway&#8217;s interface. This leaves the user with no option but to <strong>physically reboot<\/strong> the router, wondering what the hell just went on.<\/p>\n<p>I discovered this today as I was auditing my own wireless network. Running <a title=\"Reaver-WPS\" href=\"https:\/\/code.google.com\/p\/reaver-wps\/\" target=\"_blank\">reaver<\/a> for a few seconds against my Sky Router took out the gateway interface (probably overloading the WPS service running on the router).
Leaving it running for a few minutes completely took out my internet connection, leaving me no alternative but to physically reboot the router.<\/p>\n<p>The most worrying aspect of this is that an attacker only needs to <strong>see<\/strong> your wireless network. An attacker does <span style=\"text-decoration: underline;\">not<\/span> need to be connected physically or wirelessly to your network for this to happen to you. Someone sitting in their car outside your house can launch this attack within minutes and you won&#8217;t even know it. Yes, WPS <em>is<\/em> that vulnerable to a denial of service. Not only that, but on most routers <strong>WPS is enabled by default!<\/strong><\/p>\n<p>Now, I have only tried this against my own Sky router (I&#8217;m not going to run it against anyone else&#8217;s, before you ask!), but I suspect other routers are susceptible to a similar type of denial of service. I therefore strongly recommend you disable WPS on your routers &#8211; I mean, who even uses WPS anyway?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WPS stands for Wi-Fi Protected Setup. It&#8217;s supposed to make it easier for non-tech-savvy people to authenticate devices onto a wireless network by pressing a physical button on the router or entering a PIN into a device to make it known to the network.
The problem with WPS is quite a big [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1],"tags":[79,80,67,7,82,81,78],"class_list":["post-617","post","type-post","status-publish","format-standard","hentry","category-tech","tag-backtrack","tag-dos","tag-network","tag-networking","tag-router","tag-sky","tag-wps"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1trTO-9X","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/comments?post=617"}],"version-history":[{"count":3,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/617\/revisions"}],"predecessor-version":[{"id":619,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/posts\/617\/revisions\/619"}],"wp:attachment":[{"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/media?parent=617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/categories?post=617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emtunc.org\/blog\/wp-json\/wp\/v2\/tags?post=617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}