RockSockDoc
Posts: 11
Registered: ‎05-14-2012
Accepted Solution

Does the WRT54Gv4 (1.02.8) disable Secure Easy Setup (SES) aka Wi-Fi Protected Access (WPA) or not?


My router went default through no action of my own & in researching how access can be gained in an otherwise secure router, I found out about the wide-open hole in the default setup in most routers available today:

- http://www.kb.cert.org/vuls/id/723755

 

According to Wikipedia http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
"The flaw allows a remote attacker to recover the WPS PIN and, with it, the network's WPA/WPA2 pre-shared key in a few hours".

 

Cisco/Linksys are aware of the vulnerability but I've seen no recent updates:

- http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

 

Specifically, nothing on the web shows a solution for the WRT54Gv5:

- http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154

Note: This list is also in the sticky article by "Vince" titled: WPS Vulnerability status update for Linksys devices, but, unfortunately, that list hasn't been updated in months - and - even so - it doesn't list my WRT54Gv5 router anyway.

 

In fact, indications are that disabling Secure Easy Setup (SES) doesn't actually disable anything (in some cases):

- http://homecommunity.cisco.com/t5/Wireless-Routers/WRT54G-Secure-Easy-Setup-SES-Security-Vulnerabili...

 

Worse yet, I called Cisco customer support:

-  1-877-770-4113  They didn't know what I was talking about

- 1-800-326-7114 Cisco Consumer Support for Linksys (they opened a ticket for me)

 

The weirdest thing that came out of that support ticket was that the support guy came back (after he left the phone for about 20 minutes) only to say that disabling the Secure Easy Setup (SES) option actually makes the router even MORE vulnerable.


When I pressed for some kind of explanation of this perplexing problem - he said for me to ask here on the forum.

 

OK. I'm asking ...

 

Q: Does setting Secure Easy Setup to "disable" actually disable secure easy setup on the WRT54Gv5 router?

If not ...

Q: What is the recommended way to protect against this vulnerability on the Linksys WRT54Gv5 router?

Note: My firmware is updated to the latest revision, 1.02.8.

 

CERT 723755 : Does the Linksys/Cisco WRT54Gv4 (1.02.8) truly disable Secure Easy Setup (aka Wi-Fi Protected Access) ?

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Does the WRT54Gv4 (1.02.8) disable Secure Easy Setup (SES) aka Wi-Fi Protected Access (WPA) or n

1. SES is not WPA. WPA is how the wireless is encrypted. SES is how it is set up.

2. SES is not WPS.

SES generates an SSID and passphrase for you and sets it on the router. You then initiate the connection on the adapter. For that you need to press the SES button again and it will exchange the necessary information with the client.

WPS allows you to connect to a WPA protected wireless network using only a PIN for initial connection.

The WPS security vulnerability does not apply to SES. SES works differently, which you can already see only by the fact that you never enter any PIN on the client to establish the connection...
RockSockDoc
Posts: 11
Registered: ‎05-14-2012

How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?


Thank you for the correction. I had thought they were equivalent.

I see I was confusing SES with WPA.

Apparently the vulnerability is not in SES, nor in WPA ... but in WPS.

 

Reading Wikipedia on SES, WPA, and WPS, & comparing to what you wrote, I'm still unsure of the very basics.

Is this attempt at the simplest of clarifications correct yet?

 

SES = Secure Easy Setup = an "easy setup feature" (such as the push button on the WRT54Gv5 router)

WPA = Wi-Fi Protected Access = a "security protocol" designed in 1999 to supersede WEP (see also WPA2 & WPA2/PSK)

WPS = Wi-Fi Protected Setup = a "certification standard" that allows 4 methods of easy setup (PIN, button, near-field, USB)

 

Regarding the awful vulnerability flaw, am I correct yet?


SES ==> This is not what's vulnerable with respect to that CERT advisory (http://www.kb.cert.org/vuls/id/723755)

WPA ==> This is not what's vulnerable with respect to that CERT advisory (neither is WPA2, nor WPA2/PSK)

WPS ==> This is what's vulnerable!  (Specifically, the WPS PIN authentication is where the vulnerability lies)


Given that it's the "WPS PIN authentication" which is vulnerable, the question that I was asking is the following:

 

Q: How do we disable WPS pin authentication on the Linksys WRT54Gv5 router (latest firmware 1.02.8)?

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?

The WRT54G does not support WPS. It's not vulnerable to the WPS vulnerability.
Expert
sabretooth
Posts: 5,274
Registered: ‎11-11-2008

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?

Simple... the WRT54G does not have WPS because it is too old.

RockSockDoc
Posts: 11
Registered: ‎05-14-2012

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?

> The WRT54G does not support WPS. It's not vulnerable to the WPS vulnerability.
> Simple... the WRT54G does not have WPS because it is too old.

 

Now that's interesting!

Thank you very much for the clarification!

No wonder I can't find the WRT54Gv5 in any of the tables listing how to avoid the vulnerability!

 

But then, that brings up these two questions:

Q: Why didn't Linksys/Cisco customer support simply say so when I had asked them?

Q: And, how does that relate to the fact they said disabling SES would make the router less secure?

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?


RockSockDoc wrote:
> But then, that brings up these two questions:
>
> Q: Why didn't Linksys/Cisco customer support simply say so when I had asked them?
>
> Q: And, how does that relate to the fact they said disabling SES would make the router less secure?


1. First level support works by the book, and for questions beyond the book, answers may vary unless they find a knowledgeable 2nd or 3rd level staff to give an accurate answer.

 

2. I don't know what makes them think disabling SES would make the router less secure. I very much doubt it. I can't see why:

 

a. If you disable SES, wireless clients cannot connect to your WPA protected network unless you know the passphrase. It's either you know it or not.

 

b. With SES enabled, you have to know the passphrase or you have a Linksys SES-compatible adapter, in which case you could learn the passphrase by using SES.

Unless something very weird is happening if SES is disabled, I would say clearly a. is more secure than b.

However, if you use a rather simple passphrase, a. may be less secure than b. as SES uses a random passphrase. But if you use a strong passphrase, I would say the manual configuration is more secure than using SES.

 

RockSockDoc
Posts: 11
Registered: ‎05-14-2012

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?

Thanks for that clarification!

You guys are good (muuuuch better than the official support mechanism).

 

Here's my summary of the answers as they relate to the WRT54Gv5 home broadband router:

0. The WRT54Gv5 is one of the most common routers on the planet.

1. WPS is a "certification standard" (as compared to "SES" which is a setup feature & WPA which is a security protocol).

2. Specifically, the WPS flaw is in its mandatory "pin authentication" mechanism.

3. Since the WRT54Gv5 doesn't implement WPS, it isn't susceptible to this pin-authentication security vulnerability.

4. That's (probably) why I can't find any information on the WRT54Gv5 in the related tables on the web!

5. When I called Cisco/Linksys Customer Support 1-800-326-7114-1-1-1-1, I probably had asked the wrong question.

6. What I should have asked is "Q: Does the WRT54Gv5 support WPS?"

7. Since the answer is "No", I'm not vulnerable to the WPS pin-authentication flaw.

8. Disabling "Secure Easy Setup" should not make me less secure (unless I use an insecure WPA2/PSK passphrase).

 

Thanks for helping me and understanding where I was confused!

 

dibbler
Posts: 3,173
Registered: ‎09-07-2006

Re: How can we disable Wi-Fi Protected Setup (WPS) in the WRT54Gv4 (firmware 1.02.8)?

Yes, the WRT54G is a legacy product which does not support the WPS feature. It has the SES feature, which has been explained in the previous post. If you are configuring the router manually, then the router has the top security of WPA/WPA2.
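
The question the thread settles on, "does this router support WPS?", can be checked on your own access point from what it advertises in its beacon frames: a WPS-capable AP includes a vendor-specific element (ID 221, OUI 00:50:F2, type 4), which is distinct from the WPA element (same OUI, type 1). The following is an added example, not part of any post above and not Linksys code; the function names are hypothetical, the sample bytes are constructed, and the input is assumed to be the tagged-parameter portion of a beacon body (after the 12 fixed bytes).

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # OUI 00:50:F2, type 4 = WPS
WSC_STATE = 0x1044       # "Wi-Fi Protected Setup State" attribute
WSC_AP_LOCKED = 0x1057   # "AP Setup Locked" attribute

def iter_elements(body):
    """Yield (element_id, payload) pairs from 802.11 tagged parameters."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        payload = body[pos + 2:pos + 2 + length]
        if len(payload) < length:   # truncated element: stop parsing
            return
        yield eid, payload
        pos += 2 + length

def wps_status(body):
    """Return None if no WPS element is advertised, else its state flags."""
    for eid, payload in iter_elements(body):
        if eid != 221 or not payload.startswith(WPS_OUI_TYPE):
            continue                # not vendor-specific, or WPA rather than WPS
        attrs, data, pos = {}, payload[4:], 0
        while pos + 4 <= len(data):  # WSC attributes: 2-byte type, 2-byte length
            atype, alen = struct.unpack_from(">HH", data, pos)
            attrs[atype] = data[pos + 4:pos + 4 + alen]
            pos += 4 + alen
        return {"configured": attrs.get(WSC_STATE) == b"\x02",
                "ap_setup_locked": attrs.get(WSC_AP_LOCKED) == b"\x01"}
    return None

def element(eid, payload):
    """Build one tagged element (helper for the constructed samples)."""
    return bytes([eid, len(payload)]) + payload

# Constructed sample data, abbreviated; not captured from any real router.
SSID = element(0, b"linksys")
WPA_IE = element(221, bytes.fromhex("0050f201") + b"\x01\x00")  # WPA, not WPS
WPS_IE = element(221, WPS_OUI_TYPE
                 + bytes.fromhex("104a000110")    # Version 1.0
                 + bytes.fromhex("1044000102")    # State: configured
                 + bytes.fromhex("1057000101"))   # AP Setup Locked: true
LEGACY_AP = SSID + WPA_IE          # assumed shape for an AP without WPS
WPS_AP = SSID + WPA_IE + WPS_IE

if __name__ == "__main__":
    print("legacy AP:", wps_status(LEGACY_AP))
    print("WPS AP:   ", wps_status(WPS_AP))
```

A result of `None` means the AP does not advertise WPS at all, so there is no WPS PIN registrar to disable; seeing only the type-1 element means WPA is in use, which is a separate thing from WPS.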