How to Disable WPS In Order to Protect Your Network

Cracking The WPS Code Of A Router

The weakest part of your home network likely isn't something you've done. That's assuming, of course, that you've changed the default administrator's password on your router. Your home network's weakest part is a feature called WPS, and it's included in many routers for sale today.

WPS stands for Wi-Fi Protected Setup and it was introduced to make it easier to connect new devices to a network such as your Sky TV box or games consoles.

How Does WPS Work?

The idea is that you can press a button on the router and a button on the device and both items will pair up and you as a user don't have to do any real setup.

If your device doesn't have a WPS button then the router can be set up so that you just need to type a PIN into the setup screen for your device to create a connection, instead of the long 16 character WPA password often provided by routers.

The PIN is the main issue because it's easily hacked. Why? It's only an 8 digit number. Obviously for a regular person hacking an 8 digit number is going to take some time, but the actual process of hacking the WPS PIN of a router is as simple as installing a single piece of software. There aren't even any difficult command line options to enter.

If you can use Google, read web pages, and watch YouTube videos then you will find dozens of web pages and videos showing exactly how to do it.

How Easy Is It To Hack A Router With WPS Enabled?

Using Linux it is incredibly easy to hack a router with WPS enabled.

I am providing these instructions to show you how easy it is to crack a WPS PIN. You should not try this against a router that you do not have permission to run the software against, as it is likely to be against the law in the country where you live.

Within Ubuntu (one of the most popular Linux distributions) all you have to do is the following:

  1. Open a terminal window (press ctrl, alt and delete).
  2. Install wifite using the apt-get command (sudo apt-get install wifite)
  3. During the install you will be asked whether you want it to run as root or not, choose "no"
  4. From the command line run wifite (sudo wifite)
  5. A scan will take place and a list of Wi-Fi networks will appear with the following columns:
    • NUM - An identifier which you would enter to choose to hack that network
    • ESSID - The SSID of the network
    • CH - The channel the network is running on
    • ENCR - The type of encryption
    • POWER - The power (the signal strength)
    • WPS - Is WPS enabled
    • CLIENT - Is anyone connected
  6. What you are looking for are the networks where WPS is set to "Yes".
  7. Press CTRL and C at the same time
  8. Enter the number (NUM) of the Wi-Fi network you wish to attempt to crack
  9. Wait as wifite does its stuff

Wifite isn't quick. In fact it can take hours and hours before it finally cracks the password, but on most occasions it will work.

There is a real nasty surprise here as well. You don't just get to see the WPS PIN code, you get to see the actual Wi-Fi password.

You can now connect to this network using absolutely any device.

Does It Matter If Somebody Uses Your Wi-Fi Connection? 

Yes! Seriously, here's what someone can do if they have access to your Wi-Fi connection (with the right software):

  • View all traffic sent to and from your computer over HTTP
  • Download illegal content using your network
  • Attempt to hack your actual computer
  • Attempt to access network shared hard drives on your home network
  • If you have the default user and password set on the router they can access your router's settings and change them
  • Perform a man in the middle attack by altering data sent from and to your computer

How to Turn Off WPS

Here's how to turn off the WPS for each of these routers.

Apple Airport

  • WPS is not available for Apple Airport devices so you should already be protected.

ASUS

  1. Open a web browser and type 192.168.1.1
  2. Enter the administrator username and password (defaults username:admin password:admin)
  3. Click advanced settings -> Wireless
  4. Choose WPS from the tab
  5. Move the slider next to Enable WPS to the OFF position

Belkin

  1. Open a web browser and type 192.168.2.1 (or http://router)
  2. Click login in the top right corner
  3. Enter the router's password (default, leave blank) and click submit
  4. Click Wi-Fi Protected Setup under the Wireless menu on the left side of the screen
  5. Change the Wi-Fi Protected Setup drop-down list option to "Disabled"
  6. Click "Apply Changes"

Buffalo

  • Buffalo routers are not affected by the WPS issue.

Cisco Systems

  1. Open a web browser and enter the IP address for your router. Cisco have loads of different options so visit this page to get both the IP address and default usernames and passwords
  2. Click Wireless -> Wi-Fi Protected Setup from the menu
  3. Click "Off" to disable WPS
  4. Click "Save" to apply your settings

D-Link

  1. Open a web browser and type 192.168.1.1 into the address bar
  2. Login to the setup (default username: admin password: leave empty)
  3. Click the setup tab
  4. Remove the check next to enable in Wi-Fi Protected Setup
  5. Click "Save settings"

Netgear

  1. Open a web browser and type www.routerlogin.net
  2. Enter the username and password (default username: admin password: password)
  3. Click Advanced Setup and select Wireless Settings
  4. Under WPS Settings place a check in the "Disable Router's Pin" box.
  5. Click "Apply"

Trendnet

  1. Open a web browser and type 192.168.10.1
  2. Login to the router settings page (default username: admin password: admin)
  3. Click WPS under the Wireless menu
  4. Change the WPS drop-down list option to "Disable"
  5. Click Apply

ZyXEL

  1. Open a web browser and type 192.168.0.1
  2. Login to the router settings (default username: admin password: 1234)
  3. Click "Wireless Setup"
  4. Click WPS
  5. Click the blue button to disable WPS

Linksys

  • In theory Linksys routers are no longer affected by this issue. You cannot turn off WPS, but Linksys routers prevent brute force attacks on the PIN, so they resist the sort of attempts made by programs such as Wifite and Reaver.

Other Routers

  • If you have a different router to the ones listed above, just search the web for the brand and default login information and you'll be able to find the default IP address. Once you've logged into the router settings page look for Wi-Fi Protected Setup and disable it.


    In theory just turning off the PIN feature will work, but in my opinion you should just turn off the whole feature.
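
Once WPS is switched off, you can confirm that your router has really stopped advertising it. The script below is an added example, not part of the original article: it assumes the Linux iw tool, a wireless interface named wlan0, and that iw's scan output shows a "WPS:" section (and an "AP setup locked" line) for access points that advertise WPS. The sample scan inside it is constructed.

```sh
#!/bin/sh
# Added example: does YOUR OWN access point still advertise WPS?
# Reads `iw dev <iface> scan` output on stdin and prints one of:
#   not-found | disabled | enabled | enabled-locked
wps_status() {
    WANT="$1" awk '
        # Close the current BSS block and record what it advertised.
        function flush() {
            if (mine) {
                found = 1
                if (wps && !locked) unlk = 1
                else if (wps) lk = 1
            }
            mine = wps = locked = 0
        }
        /^BSS / { flush() }
        /^[ \t]*SSID: / {
            s = $0; sub(/^[ \t]*SSID: /, "", s)
            if (s == ENVIRON["WANT"]) mine = 1
        }
        /^[ \t]*WPS:/              { wps = 1 }
        /AP setup locked: 0x01/    { locked = 1 }
        END {
            flush()
            if (!found)    print "not-found"
            else if (unlk) print "enabled"
            else if (lk)   print "enabled-locked"
            else           print "disabled"
        }'
}

# Constructed sample input (not a real scan), shaped like iw output.
sample_scan() {
    cat <<'EOF'
BSS 02:00:00:00:00:01(on wlan0)
    SSID: HomeNet-2G
    WPS:     * Version: 1.0
         * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:02(on wlan0)
    SSID: HomeNet-5G
    RSN:     * Version: 1
BSS 02:00:00:00:00:03(on wlan0)
    SSID: Lab-AP
    WPS:     * Version: 1.0
         * AP setup locked: 0x01
EOF
}

# Real use (assumed interface name): sudo iw dev wlan0 scan | wps_status "YourSSID"
sample_scan | wps_status "HomeNet-2G"
```

A result of "disabled" for your own SSID means the setting took effect. "enabled-locked" means the router still advertises WPS but reports its PIN setup as locked, and if the same name is broadcast on several bands the script reports "enabled" when any one of them still advertises unlocked WPS.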