Unsecured wireless access point
28 November 2016 No Comments
Just finished configuring a TP-LINK TL-WR841N wireless access point. It also allows wired connections. About 20€ on Amazon. No fuss. Easy installation. I can even contemplate installing OpenWrt. Later. And it is amazing to find out that it ships with 2 vulnerabilities out of the box.
WPS is enabled by default. Its goal is:
to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.
But a major security flow has been found in this protocol in... December 2011. Yep. And it's right there staring at you, in November 2016. Not even just the mandatory push-button to enable it - that may be acceptble - but the permanent, brute-force ready PIN code. Good job.
So I've disabled WPS, and WPA is set to version 2 only, although it still appears as WPA/WPA2 on my network list. I might need to move to OpenWrt sooner than expected. This is 2005 over again, when wardriving was all the rage and wifi access points were unprotected by default, or WEP-crackable at best. Nobody cared back then, and nobody cares today. Or maybe some people do, but they have no idea the appliance they buy is flawed, nor should they. I assume this model is far from being an exception. Not cool.