You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers? And what about the new WPS hack tool – called Reaver – does that make things worse?
Increasingly, home networks use wireless to avoid poking holes in walls to route Cat5/6 cable and install jack faceplates. If you live in an apartment, condo, or other rental, modifications of this type may not endear you to the landlord. But with wireless routers widely available with good range that can reach through walls and doors, a modern wireless router can work well enough to reach around your whole house and allow anyone to connect.
But what if that “anyone” is someone driving down the street, anonymously using your connection to do who-knows-what, which might be attributed to you? There was recently an episode in Buffalo, NY where law enforcement broke in and accused a hapless (and startled) home occupant who’s wireless was being used by a neighbor to do nefarious acts without his knowledge.
Many people never set a password to protect their WiFi, after all it's just one more password to remember, right? And your neighbors aren’t THAT evil (you hope). On the other hand, if the neighbors use your internet, it could make everything slow down, and if they get malware, it can spread to computers in your house and leave some unwanted gifts which can be quite painful.
Let’s start with WEP (Wired Equivalent Privacy). WEP is a vast improvement over no password. Think of it like a car with at least the doors locked. The door locks might not be the ultimate in security, but lacking even basic door locks leaves you wide open to thieves, so it’s better than nothing. It will deter simplistic thieves as they may look for other easier opportunities. But if they wanted to crack it, WEP won’t give them much of a workout. Using modern tools, WEP can be cracked in a few minutes, and you’d have a mistaken sense of security that your home and network are protected. So let’s move up the security chain to something beefier that’s also an option on most modern routers, WPA.
WPA, short for Wi-Fi Protected Access, is tougher to crack. WPA2 was later added, making it even more difficult by toughening the encryption used on the traffic from your computer to the router. This makes it much more difficult for bad actors to intercept and trick your internet traffic into going places other than where you intend. If you have the choice, this is definitely an improvement over WEP, so use this at a minimum, preferably WPA2 if you have the option. Some routers also will give an option of TKIP vs. AES, use AES if you have the choice, it’s more secure.
But now, WPA is being cracked by a new tool released called Reaver, which allows cracking attempts on the WiFi Protected Setup (WPS), which is a tool on many newer wireless routers that allows a shorter passphrase to be entered, but also allows brute-force attacks to be much easier, since fewer characters would be required to crack. Since it affects many models of wireless router, manufacturers will be working on patches.
There’s no such thing as perfect security, it’s a game of cat-and-mouse. Exploits will always be a nuisance for network security folks, and the Reaver tool shows that network designers still have their work cut out for them to keep patches current. But while they’re busy finding solutions, WPA2 still remains a much more secure way to protect your home network than older methods, and it’s pretty simple to use. If scammers go looking for networks to crack and they see WPA2 in place on your router, chances are they’ll look elsewhere, like to your neighbor’s router that has no protection at all.
Author Cameron Camp, ESET