Is there WPS vulnerability fix for Linksys WiFi routers

[servan$]

In the cisco official forums they have indicated that all the WPS protocol contains vulnerability, which could be design flaw. I think that this flow could lead to an exploit. All those WiFi routers which are WPS enabled vulnerable to this. I think all the Linksys. Within an hour these wifi routers can be crackable by anyone. If you have an option to switch off WPS, then you are secure but most of the models don’t have this option. Is there any firmware upgrade to fix the problem?

Right now I own WRT160Nv3.

[Kakashi Hatake]

Yes, it is true that there is a security flaw. Here is the brief summary.

• WPS contains design flaw which cannot be fixable.
• There is no way that the WPS can be switched off on several routers in any manner. Those routers are easily vulnerable to hackers or crackers as long as WPS turned on
• Yet there is no news about the Firmware upgrade.

[Dalajit]

Every cisco Linksys wifi router use knows that it is a major vulnerability. It is really a major design failure saying that there is no option to disable WPS, not even the alternative way. I am looking forward to hear something from Cisco. I hope that they are planning to address this issue. All you need to do is disable the Wireless if u think you are not secure and wait for an update or patch.

[Rance]

Yesterday I have took a look into the backtrack forums. There someone told that it is not impossible to crack insecure WPS. But it is only possible when you set the linksys to "Wireless-N Only" Network Mode. If you have set it to “Mixed". Mode, then surely anyone can crack it easily. The latest information is that most of the long-range specific hacking tools only work with 802.11b/g.

[Swiz]

It is clearly CISCO's fault. Everyone thought that Cisco Firmware implies functionality but here is the different case. Cisco seems irresponsible for its things. I am using the E3000 which previously has a disable WPS "switch". According to CISCO Support it should work but in my case does not disable WPS. It is also a doubtful thing that Home product user get a certain or good technical support from Cisco. I never got so far.

[Bjork]

The E3000 is an EOL legacy linksys product now having been replaced by the E3200. You may get lucky and linksys will issue updated firmware updates for all the many older wireless routers affected by the WPS exploit in a few months. Otherwise, you should consider a third-party open source solution if you want to 100% secure your wireless network from any type of exploit...

[Caelyn]

The Cisco issued warning by listing the products those could be open to Reaver attacks. However the Cisco does not list Linksys business unit products.

Those Wi-fi routers which contains WPS 1.0 standard causes a 60-second lockout if there three unsuccessful attempts for authentication from any devices which is requesting to connect. This feature might help you to slow down an attack.

In order to prevent potential attacks, one disable WPS feature. But there is no guarantee about that because the access point which is already under attack would continue even after WPS disabled

[Baijayanthi]

Actually this design flaw is a hole in the Wi-Fi router’s Wi-Fi Protected Setup (WPS) protocol. This exploit can easily happens when routers and devices operating in PIN External Registrar mode. In order to do authentication between the devices and the WPS client, one need to enter the correct WPS PIN for the secured network. However this vulnerability may allow unauthenticated user or any remote attacker to brute force the WPS configuration PIN. This could lead to heavy damage on the secured network.

[Eeshwari3]

I have an alternate solution for your problem. You can easily limit access to the wireless network through individual MAC filtering. For that you only need to manually add the MAC address of the devices which are authorized. List those devices in the router. No other device can able to connect, if they are not listed. Even if you enter the correct PIN or not, there is no way you can connect to that secure network. I think it is the better option for you.

[Bhuvana21]

Nowadays the MAC filtering isn't more secured. Sniffing out MACs and spoofing is very easy in present days. There several free tools available which can do the task easily. Actually the idea wasn’t the bad but it is not 100% secure.