Last year we had a visitor at our apartment, a little boy, an experimental high school student. He had just learnt a new trick at school, “Hacking Wifi”. I told myself, who does he think he is (you know men and their ego); we had the best password for our WiFi anyone could think of. He took out his Android phone and wanted to start doing his thing. “It's not rooted,” he said. I gave him my brother's phone because I didn't own an Android phone. So he downloaded the tools he needed to root the phone and start hacking. He tried everything but it didn't work. Shame took over. “The trick always works.” That didn't stop us from making him feel bad about his attempts. My brother always said I was the guy to set up routers and any technology; after all, I was studying Information Security. After some months our data depleted faster than usual because of the new movies and series we were streaming, so one day I held my brother's phone and saw the tools the boy wanted to use, and what do you know, heaven smiled on us. WPS was enabled.
What is WPS and How does it work?
WPS stands for Wi-Fi Protected Setup. It was created to make it easy to connect to your network without the hassle of typing that complicated password your little brother thought of when the ISP's technical guys came to set it up. It uses an 8-digit PIN: when you enter the PIN on the device you are connecting and it is correct, the device requests the really complicated PSK (the password) from the router, then the real authentication happens and BOOM, you're in the network.
How making things easy became a loophole:
You remember me saying “heaven smiled on me.” Well, our next-door neighbours had Wi-Fi with WPS enabled, and that meant the same tools that boy we laughed at used could now work in our favour. WPS is not as secure as some might think it is. You might say, who can guess 8 digits straight? True, I cannot do that, but I don't need to; that's not how it works.
The 8-digit PIN is split into two halves that are checked separately: the first four digits are tested on their own, and the last half is tested on its own. That makes the job a little easier: instead of 10^8 trials we now have 2(10^4). However, in the second half only 3 digits need to be found, because the 4th is just a checksum, so we have 10^3 for that half, giving 10^4 + 10^3 = 11000 trials instead of the 10^8 trials we thought were needed. This means we don't really need much computing power or much time to get these numbers. Stefan Viehböck explains this in his article about how WPS works. The PIN halves travel in these messages of the WPS exchange:
M4 = 1st half of the PIN
M5 = Acknowledgement of first half of pin and request for second
M6 = 2nd half of the PIN
M7 = Final 8 digit PIN with the checksum fixed
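The arithmetic above can be checked directly. The following is an added example, not code from the original post or from any tool it mentions: it implements the WPS PIN check-digit rule and counts how many second halves are even possible for a given first half. The function names and the sample PIN values are constructed for illustration.

```python
"""WPS PIN checksum and search-space check (added example, constructed inputs)."""


def wps_checksum(first7: int) -> int:
    """Return the 8th (check) digit for the first seven digits of a WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)  # 1st, 3rd, 5th... digit from the right: weight 3
        first7 //= 10
        accum += first7 % 10        # 2nd, 4th, 6th... digit from the right: weight 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and its last digit matches the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def valid_second_halves(first_half: str) -> int:
    """Count the 4-digit second halves that give a valid PIN for this first half."""
    return sum(is_valid_pin(first_half + f"{s:04d}") for s in range(10**4))


def split_search_space(first_half: str = "1234") -> int:
    """Worst-case trials when the halves are checked separately.

    All 10^4 first halves, plus only the second halves that pass the checksum.
    """
    return 10**4 + valid_second_halves(first_half)


if __name__ == "__main__":
    print("check digit for 1234567:", wps_checksum(1234567))
    print("12345670 valid:", is_valid_pin("12345670"))
    print("12345671 valid:", is_valid_pin("12345671"))
    print("second halves possible for first half 1234:", valid_second_halves("1234"))
    print("trials with split halves:", split_search_space())
    print("trials if all 8 digits were independent:", 10**8)
```

Because the check digit is fully determined by the other seven digits, only one in ten second halves can ever be correct, which is where the 10^3 term comes from.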
This brings us to the tool that was downloaded by the young boy, “wps tester”. It can do such wonders in very little time.
Most ADSL routers come with WPS enabled.
One-Fi Modems (Huawei)
Call your ISP to have this feature disabled or, if you have the knowledge, do it yourself and change your password.
Put a MAC filter in place so that if the attacker succeeds with the WPS attack, he or she cannot tap into your network.
If you are an ISP who supplies the modems or installs them, disable this feature on installation to avoid inconvenience, or update the firmware with default settings that have WPS disabled.
If you want to disable WPS on your ADSL modem, follow the steps below:
- Enter your default gateway address in your browser (normally 192.168.1.1)
- Enter the password and username (admin and admin) respectively.
- Navigate to Interface setup and to wireless
- Find the WPS option and disable it.
- Change your password too.
- Press save to save your changes
Thanks to Dutch