Some clever guys figured out that there is a flaw in Wi-Fi Protected Setup (WPS). WPS was developed as an easy way to connect devices to a wireless network by using an eight-digit PIN code. WPS is enabled by default on many routers, no matter whether they are running WEP, WPA or WPA2 encryption. The flaw basically enables you to brute-force the PIN needed to connect to a wireless network in a matter of hours.
Since I’m a Virgin Media customer, I tried this hack with a program called Reaver on my so-called “Super Hub” from Virgin Media. It seemed to be working, so I started looking for a way to fix this flaw. In a Virgin Media forum other customers were asking how to protect against this flaw as well, and Virgin Media’s answer was to turn off the WPS function.
The Super Hub team has been investigating this potential vulnerability alongside our partners Netgear and Broadcom. We’re taking this industry wide issue with the WPS standard very seriously and are working with our partners to see what additional security measures we can implement.
In the meantime both our and Netgear’s testing have confirmed that turning the WPS PIN off in the GUI removes any potential for this vulnerability to affect the Super Hub and Hub. You can switch the WPS PIN off by going into the advanced settings, then the Advanced Wireless Settings menu, ticking the box marked Disable WPS PIN and clicking apply.
Help & Support Forum Manager
So I turned off the WPS feature as instructed, and tried the hack again. The PINs still seemed to be accepted when sent to the router. I even captured a broadcast packet from the router, had a look at it in Wireshark, and discovered that WPS is still set as “Configured”. I posted the result on the forum, and was told that their Super Hub team would have a look at it.
They later emailed me, asking what version of the firmware was running on my router. I told them that it was the newest version – R30. Since then I haven’t heard anything from Virgin Media; I’m starting to think that they would rather just forget the problem than fix it.
Read my original post on the Virgin Media Help & Support forum here.
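The beacon check described above can be scripted so it is easy to repeat after every settings change or firmware update. This is an added example, not part of the original post: it parses the information elements of a beacon frame and reports whether the router still advertises WPS. It assumes the input is the tagged-parameter portion of a beacon you captured from your own router; the function names are illustrative and the sample bytes are constructed, not a real capture.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor OUI 00:50:F2, type 4 = WPS
ATTR_STATE, ATTR_AP_LOCKED = 0x1044, 0x1057  # WPS State, AP Setup Locked
STATE_NAMES = {1: "Not Configured", 2: "Configured"}

def iter_ies(buf):
    """Yield (tag, value) for each 802.11 information element in buf."""
    pos = 0
    while pos + 2 <= len(buf):
        tag, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) < length:  # truncated capture: stop rather than misparse
            return
        yield tag, value
        pos += 2 + length

def parse_wps_attrs(body):
    """Parse WPS TLVs: 2-byte type, 2-byte length (big endian), then value."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        if pos + 4 + alen > len(body):
            break
        attrs[atype] = body[pos + 4:pos + 4 + alen]
        pos += 4 + alen
    return attrs

def wps_status(ies):
    """Return the advertised WPS status, or None if no WPS element is present."""
    for tag, value in iter_ies(ies):
        if tag == 0xDD and value[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(value[4:])
            state = (attrs.get(ATTR_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_AP_LOCKED) or b"\x00")[0] == 1
            return {"state": STATE_NAMES.get(state, "unknown"),
                    "ap_setup_locked": locked}
    return None

# Constructed samples: an SSID element, with and without a WPS element.
SSID_IE = bytes.fromhex("00086578616d706c6531")  # SSID "example1"
SAMPLE_WPS_ON = SSID_IE + bytes.fromhex("dd0e0050f204104a0001101044000102")
SAMPLE_WPS_OFF = SSID_IE

if __name__ == "__main__":
    print("WPS on :", wps_status(SAMPLE_WPS_ON))
    print("WPS off:", wps_status(SAMPLE_WPS_OFF))
```

A result of `None` means the beacon carries no WPS element at all; any dictionary means the router is still advertising WPS, whatever the state value says.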