dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2550
share rss forum feed

thataboi

join:2004-03-09
Springfield, OR

Regaurding WPS vurnability

As everyone knows this is a huge problem now. I have a router Linksys 54g2 1.5v that cannot use third party firmware. After turning it to manual setup this should have turned off the WPS, but it doesn't and it allows brute force attacks to still go through. Now with that said, I just don't see how linksys is going to come up with a magical firmware to fix an issue that clearly seems like a hardware issue now. If it doesn't turn off by switching to manual setup, it would seem that it doesn't matter how you program a new firmware with a simple on/off value is in anyway going to still turn off a reluctant router that ignores those and doesn't turn off. You know what I mean? In all honesty I doubt there will be a fix because it seems this is hardware component level circuitry design flaw that no software can fix.

With that said, I still feel Cisco/Linksys should rightfully be held responsible for such failure. I can see this growing into a possible class action lawsuit. The only solution would be to offer a trade-in of defective device for one that doesn't have this problem. What say you?



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

I would suggest that this was an EOL product before the exploit came along. At best, turn off your wifi when not needed. At worst, replace the unit with something current.
--
Better to have it and not need it, then need it and not have it.


thataboi

join:2004-03-09
Springfield, OR

1 recommendation

How can this be a EOL product when they still sell them?? They're reliable anyway you look at it. Just turn off the WiFi is not an acceptable solution. It defeats the purpose of owning and using a wifi router. I think you're missing the point here CISCO/LINKSYS should be sending me a new unit FREE of charge! Other customers and models will probably be in the same boat. I can see the attorney's licking their chops lol. They messed up and they gotta come clean on it. Otherwise the wolves will be coming and their hungry.


Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to thataboi

WPS itself is vulnerable and there are no vendors that would be able to "fix" the vulnerability. Instead, vendors are providing compensating workarounds, including the ability to disable WPS (truly disable) as well as automated lockouts after a sequence of failed attempts.

A hardware/router replacement is not required and firmware updates are being provided, albeit very slowly, by Cisco for their Linksys branded products. Status for all models may be found at »www6.nohold.net/Cisco2/ukp.aspx?···id=25154.

More details may be found in the Linksys forum: »WPS / Reaver



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by Shady Bimmer:

A hardware/router replacement is not required and firmware updates are being provided, albeit very slowly, by Cisco for their Linksys branded products. Status for all models may be found at »www6.nohold.net/Cisco2/ukp.aspx?···id=25154.

My oh my, an optimist (not many of you still around).

A word to the wise (whether you are an optimist or a pessimist). If your Cisco/Linksys router/AP is not on that list, or if its status is "TBD", don't hold your breath while waiting for a firmware update.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


heelyeah
Premium
join:2004-02-11
Raleigh, NC
reply to thataboi

25 bucks for this router, just load DD-WRT and no more problems

»www.amazon.com/ASUS-RT-N10-Wirel···8&sr=8-5



jibudada

@airtelbroadband.in
reply to thataboi

you can overcome this problem by simply off the wps options.
it has nothing to do with performance of router
»www.securitytube.net/video/2661



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by jibudada :

you can overcome this problem by simply off the wps options.
it has nothing to do with performance of router
»www.securitytube.net/video/2661

Just keep repeating that over and over. I'm sure that you will reel in a few victims if you are persistent enough with your mantra.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

thataboi

join:2004-03-09
Springfield, OR
reply to thataboi

Even turning off WPS the router is still vulnerable and it cannot use 3rd party firmware. I doubt they can fix these because it's hardware related as well. Coding new firmware with a on/off feature is easy. Some routers you can do it but others may not have the ability physically through hardware to do it. So with many routers on that list coding that on/off toggle switch doesn't do squat. So they're just doing what they can and leaving the rest of us hung out to dry. Which leads me to saying wtf is my voucher to get a refund or to get a new one?? It's time they face the music and quit trying to hide from this and leaving everyone in the dark. Are they going to get the ball rolling or are we left with a class action lawsuit?