WPS Backdoor, Why Your Wireless Network Might Not Be as Secure as you Think

This is a guest post by Broadband Choices. If you are interested to guest post in this blog, just head over to the Guest Post Guidelines.


Internet browsing is a private affair, we exchange important and sometimes confidential information across the web to numerous services, so most people would rather know that their wireless network is safe from the intrusion of others.

Wi-Fi Protected Setup (WPS) was introduced to solve the serious security problems of WEP. WPS employs a PIN system aimed at increasing usability as well as security.

It has turned out that WPS is not as watertight as it first seemed, although all their failsafe’s and developments are still working, Stefan Viehbock, as recently as December of 2011, found the system has an inherent flaw that means crackers can actually figure out PINs with minimal effort. In fact, a program called Reaver has even been developed to demonstrate this.

Image: Master isolated images / FreeDigitalPhotos.net

The flaw lies in the fact that when a PIN is being verified it needs to be sent between the enrollee and the registrar, the registrar reports on the success of pieces of information separately, rather than as a whole. This means that, rather than having to guess an entire eight digit PIN, Reaver can work through the numbers in stages to build up to the full PIN, much like a traditional safe cracker, listening for each individual ‘click’ as they hit the right number on a combination dial.

The Reaver tool can test through and figure out an eight digit WPS PIN in a matter of hours, meaning that the WPS system brought in to sure up Wi-Fi security might actually have left them more vulnerable than ever.

This backdoor route being exploited by Reaver has existed since WPS was implemented but its potential for exploitation has only very recently been discovered. So, as of yet, there seem to be few effective means of mitigating the Reaver’s advances.

Disabling WPS

Some routers have the option of disabling the PIN WPS function, this will stop the Reaver, but still leave your router’s WEP passwords open for attack, which were the very weaknesses that WPS was brought in to stop. Regardless of whether or not disabling WPS will make your Wi-Fi more secure, many routers don’t allow the option anyway. On the majority of Wi-Fi routers WPS is mandatory.

Using WPA2? You May Still be at Risk

If your router supports a form of Wi-Fi encryption that is harder to crack, such as WPA2, but your router has WPS as default, we are still at risk, as using Reaver and the WPS PIN method to crack a Wi-Fi signal, negates the need for cracking WPA2 (or WEP).

Of course you always have the option of completely disabling the wireless network, and relying on cat5 cabling; however this solution seems a little like throwing out the baby with the bathwater.

3 Stikes and Your Out!

The last option is for devices to initiate a device lock out following successive failed attempts at the PIN. This still won’t secure you completely, but it will make the WPS cracking process longer and therefore crackers might be less inclined to persevere with your Wi-Fi network and instead move onto another that won’t lock them out after ‘x’ attempts.

All in all Reaver is a new tool that will take advantage of a serious security loophole in any router that has WPS enabled.

There seem to be very few ways to manage the risks directly, so until any new responses or updates are introduced to wireless routers, it would be wise to check to see if your router admin settings allow you to disable WPS completely, or at the very least, set the router to lock out any device that fails to get the correct PIN after more than 3 or 4 attempts.


About the AuthorBroadband Choices, the guest post authors of this article, are a UK based consumer advice and comparison company based in London, UK.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. 5 Security Tips to Prevent Your Wireless Broadband Network from Being Hacked
  2. 5 Tips to Secure Your Home Wireless Network
  3. What Are the Different Wireless Network Security Settings? Which One Should I Use?

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)