dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1279

OSUGoose
join:2007-12-27
Columbus, OH
Apple AirPort Extreme (2013)

OSUGoose

Member

Question

I'm reading this to say if you use the WPS option to enter a PIN vs a Key, then your vulnerable. While if you only use the option to Push the button, and the device you want to connect "talks" to the router to share the key, then your ok.

Clairify if I am wrong please.

DataRiker
Premium Member
join:2002-05-19
00000

DataRiker

Premium Member

Pretty much.

Push button models are internal registers and are not affected.

The models with external registers are venerable. I'm guessing but probably 1/3rd of all newer routers have that.

OSUGoose
join:2007-12-27
Columbus, OH
Apple AirPort Extreme (2013)

OSUGoose

Member

Well only reciently have I even started to use routers with tht option, case in point the Pace 411n, Westel/Netgear 7550, and the Samknows/Netgear router. All have buttons on the outside that need held for a few seconds to start the pairing process, those i'm assuming are safe.
sparky57
join:2003-05-18
New Bedford, MA

sparky57

Member

I also have a Samknows/Netgear router and would like to know what I need to do to avoid this problem.

OSUGoose
join:2007-12-27
Columbus, OH

OSUGoose

Member

I think DataRiker was sying were safe, but I'm awaiting clarification on that.
Chubbysumo
join:2009-12-01
Duluth, MN
Ubee E31U2V1
(Software) pfSense
Netgear WNR3500L

Chubbysumo to sparky57

Member

to sparky57
said by sparky57:

I also have a Samknows/Netgear router and would like to know what I need to do to avoid this problem.

I have the samknows netgear WNDR3700, and its got an option to disable the router PIN. Log into your router at 192.168.1.1(default should be admin/password if you have not changed it already, which you should), and poke around the pages until you find it.

Thane_Bitter
Inquire within
Premium Member
join:2005-01-20

Thane_Bitter to OSUGoose

Premium Member

to OSUGoose
You are fine, as you state the only way to start the process is by depressing the button. The flaw only applies to routers which use a PIN system in combination with an external (i.e. client based) registration.

If people have WPS but don't use it, there is no reason why it should be leave that option enabled
WiFu
join:2010-01-07

WiFu to OSUGoose

Member

to OSUGoose
Don't listen to people who give advice without knowing what they're talking about. And don't be that person.

Unfortunately, if a router is certified for WPS it needs to support all three types, not just pushbutton. So, you are probably vulnerable. Just turn off WPS, then you're fine.