Wi-Fi SECURITY

In case you haven’t heard, we wrap up 2011 with the news your wireless home network may not be as secure as you thought.

Not many years ago, home wireless networks typically were unsecure because the manufacturers had been shipping their consumer Wi-Fi routers with encryption disabled.

Now they are shipping their routers with encryption enabled out of the box, but it turns out they have made home configuration a little too easy. Oops.

Fortunately, it requires special software to crack the security code. But unfortunately, if a determined person has that software, they can find out your security passphrase by brute force in just a few hours. And if you have used the same password (passphrase) in your home wireless router that you use for your email, then they can log into your email too – or anything for which you have used that same password, since they now know your favorite password.

The flaw is not with WPA2 security. It is with WPS (Wi-Fi Protected Setup), and the PIN it uses which can be guessed within 11,000 attempts maximum (3 hours, at one guess per second). To see if your newer router supports WPS, look at the label and see if in addition to things like the Serial Number and the MAC Address, it also lists an eight digit PIN. Or logon to the admin interface and see if it has a WPS option.

If your router supports WPS, then turn WPS off so a hacker cannot exploit it. If you need to connect a new device to your home network, then go into the wireless setup and enter your WPA2 passphrase directly – it’s not really that much more difficult than entering an 8 digit PIN. If you really insist on using the PIN (and I don’t know why you would), then only turn WPS on long enough to add the new device, and then shut it back off before some enterprising neighbor breaks in.