JoeEkaitis
01-21-2012, 11:23 PM
Even if you've cloaked the network name (SSID) of your WiFi router, cranked the security all the way up to WPA2-PSK with AES cipher and have a pre-shared key (password) that's so obscure a supercomputer couldn't crack it in a dozen centuries, there might still be a security hole.
It's called WPS (WiFi Protected Setup). Some makers call it Pushbutton Wireless or some other user-friendly name. It's usually enabled by default because it's meant to simplify adding wireless users to your network. Since it's protected by an 8-digit password, it can yield to a brute force attack in as little as 8 hours. Once inside your router via WPS, a hacker can do anything any other user can do.
Log into your router's wireless setup screen, find the page for WPS and turn it off! When a friend brings over a laptop, enter the WiFi connection information yourself and delete it before your friend leaves.
Even worse, recent Cisco/Linksys routers have a bug that keeps WPS enabled even if you turn it off in the setup screen. If you have one of those, get the latest firmware update.
It's called WPS (WiFi Protected Setup). Some makers call it Pushbutton Wireless or some other user-friendly name. It's usually enabled by default because it's meant to simplify adding wireless users to your network. Since it's protected by an 8-digit password, it can yield to a brute force attack in as little as 8 hours. Once inside your router via WPS, a hacker can do anything any other user can do.
Log into your router's wireless setup screen, find the page for WPS and turn it off! When a friend brings over a laptop, enter the WiFi connection information yourself and delete it before your friend leaves.
Even worse, recent Cisco/Linksys routers have a bug that keeps WPS enabled even if you turn it off in the setup screen. If you have one of those, get the latest firmware update.