Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I know if someone unauthorised has WPS-connected to my WiFi?


  • Please log in to reply
11 replies to this topic

#1 Itchy01

Itchy01

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 10 November 2015 - 07:11 AM

I have also posted this on Telstra's CrowdSupport Forum, but am trying to reach as wide as possible an audience.

 

We have a BigPond Wi-Fi 4G Advanced II AirCard 790S (Netgear).

 

I suspect (though I cannot say for sure) a recent visitor may have added a device to our wifi by WPS (probably pairing).

 

I may just be being paranoid and he did nothing of the sort. But, I have these questions:

 

(1): Is there any way I can find out if a device has been connected to this (AC790s) hotspot by WPS?

(2): Can WPS be disabled on the AC790s?

(3): Will returning to factory settings remove any WPS connection?

 

One respondent on CrowdSupport has said WPS can be turned off in the settings for the device but I cannot find any facility of the sort in the AirCard 790s Manager.

 

Cheers

 

ausgumbie



BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:36 PM

Posted 10 November 2015 - 09:23 AM

The owner's manual for your device can be found here.  According to the information presented on PDF pages 101 & 102 a device reset will cause all devices with internet connections to be disconnected.  It is unclear, though, if you originally connected them to the hotspot that was used with "out of the box" factory settings whether they will be able to reconnect on their own.  In every situation I've known where a device was manually connected with the device's network password, if that password is the one printed on the device label they'll all be able to connect again.  I'm not sure about WPS pairings.  You could experiment by connecting one of your own devices via WPS then doing the hotspot reset.

 

I wasn't able to find the phrase "disable WPS" and didn't read through the whole document.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#3 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 10 November 2015 - 03:35 PM

Thanks,


When we got the hotspot originally, the hotspot's name (I gather the Main name) was displayed on the "top" screen with a numerical password eight digits long.


We then changed that password to a personalised one and, ironically, so visitors couldn't see it, hid the hotspot name and password on the screen that everyone sees.


If a factory reset is done, will the original screen (with visible factory password) be restored? If not, I have to hope the factory pw is one I seem to have written down. Otherwise, we're in strife I think.


Cheers


Itchy01*

(* Used wrong nickname on last post. "ausgumbie" is for another forum. Must remember who I am).



#4 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:36 PM

Posted 10 November 2015 - 04:22 PM

I have yet to see an instance when a router/hotspot full reset according to the instruction manual doesn't put it back into precisely the state is was in when it came out of the box and you first turned it on.

 

I will not say that there is not some exception out there, but if it exists I haven't personally encountered it nor any tales of woe related to a factory reset that didn't put everything back to its initial state.

 

If it's possible, it makes a lot more sense to just place the hotspot somewhere that the world at large simply cannot see it after you get it reset.  The signal from these things carries quite well, in general and they can be tucked in a deep, dark corner several rooms away.  If you're taking it on the move with you just get a small lightweight fabric pouch to keep it in.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#5 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 10 November 2015 - 10:24 PM

Thanks Britechguy

 

The factory reset was done without problems. As it was initially, the original password was on the 'public screen'. (Bless). We hid it after all devices were connected.

 

For time's sake, we weren't able to do the experiment you suggested - we'll just have to hope no one can log in again, since the pairing (if it did occur) happened long after we'd changed the factory password to a personalised one.

 

We changed both WiFi Name and Password. Greater care will be taken in its placement.

 

One final question. To the best of your knowledge/experience, do devices which have been connected by WPS show up in the "number of devices" or (in the case of the browser page) be named on the Overview page when accessing the hotspot?

 

Many thanks

 

Itchy01



#6 JohnC_21

JohnC_21

  • Members
  • 22,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 11 November 2015 - 10:01 AM

Its best to not use WPS as it is not secure and it should be disabled if possible. It is also best to disable remote access in the router settings. 

 

http://www.howtogeek.com/176124/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/



#7 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 11 November 2015 - 06:07 PM

Its best to not use WPS as it is not secure and it should be disabled if possible. It is also best to disable remote access in the router settings.

 

Many thanks JohnC_21,

 

Unfortunately, AC790s doesn't give you a choice of disabling WPS. While I don't like bagging my home country, Australia really seems at times a technologically naiive place. (Telstra is what you might call our "national carrier" ISP). The link also was much appreciated. It made me check UPnP which - to my relief - was disabled by default on the hotspot.

 

Quick question: You said "It is also best to disable remote access in the router settings". Did you mean UPnP or something else? In the AC790s Router settings (via browser manager) there isn't anything called "Remote Access" or similar.

 

Cheers

 

Itchy01


Edited by Itchy01, 11 November 2015 - 06:12 PM.


#8 JohnC_21

JohnC_21

  • Members
  • 22,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 11 November 2015 - 06:43 PM

Remote access isn't related to UPnP. Disabling it prevents access to the Router via the internet. You can only access the Router settings via a direct Ethernet connection.

 

Sorry, I was thinking this was a wireless router, not the device I see in the manual. You settings most likely do not have Remote Access. From page 38 of the manual britechguy posted it looks like you cannot remove the ability to connect to the device wirelessly. Just make sure your password is strong.

 

On page 37 you can restrict the number of devices connected to the hotspot. I would provide the minimum you need.

 

On page 44 you can whitelist only the devices you want to connect by inputting their MAC addresses.

 

http://www.laptopmag.com/articles/find-mac-address-windows-10


Edited by JohnC_21, 11 November 2015 - 06:44 PM.


#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:36 PM

Posted 11 November 2015 - 07:25 PM

The owner's manual shows that the only WPS method available on this hotspot is "button press" type (whether on it's touch screen or via the web interface).  Without physical access to the device (or the ability to log in to its administrative functions) you can't connect to it via WPS.  Of the various WPS methods this one is by far the most secure.

 

I would not be concerning myself too much about the WPS on your hotspot.  The likelihood of someone taking physical control of the device and knowing how to do the connect sequence quickly should be very, very small.

 

OOPS:  I hadn't read quite far enough.  It does support WPS PIN, too.  Still, your main worry about controlling WPS connections is keeping physical control of the hotspot.


Edited by britechguy, 11 November 2015 - 07:30 PM.

Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#10 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 12 November 2015 - 03:02 PM

Thanks both

 

My mistake had actually been (carelessly and stupidly) leaving the hotspot out in the open and visible in the presence of a visitor (a tradesman) whom I became uneasy about later for whatever reasons. But the main thing was realising I had been distracted during his time in the house and he could have had access to my hotspot while my back was turned.  I admit there's a lot of far-fetched "ifs" and "could haves" in this scenario, but there it is.

 

As to time needed to WPS-connect to the hotspot, if you're someone who is familiar with it (and they have been around since November last year and are popular here) it's four taps on the device's face to press the "pair devices" button and return to home screen. About 3 seconds and simply walk away from the hotspot. You then have 2 minutes to hit the WPS button on your own device that you want to pair. And that's something you could even do openly - everyone fiddles with their mobile nowadays and few would ask what you were doing.

 

It would take a pretty brazen person to do all this but we get a lot of those nowadays. Especially us older folk. Anyone wanting to join you on your wifi isn't after a bit of free service - they're after identity and financial details. I don't know about the US - I hope it's different - but in Australia you tend to get at least one scamming phone call a day (true!), scam door-knockers about once a month, and phishing emails a bit less frequently if you're lucky. There's a lot of predation on the vulnerable and elderly. And the attitudes and responses of our authorities and private sector to this really don't do our country much credit.

 

The remedy, as you rightly point out, is to physically ensure no one but those you want to can get their hands on the hotspot. I will certainly now be more careful in future, but there's always that day you forget. Having that WPS facility on the AC790S with no option to turn it off is (IMHO) appalling madness.

 

Restricting the number of devices and whitelisting the ones allowed is a good suggestion and I'll be following it up.

 

I'm happy if this thread keeps running for a bit and any new thoughts about AC790S security will be followed with definite interest.

 

Cheers

 

Itchy01 


Edited by Itchy01, 12 November 2015 - 07:08 PM.


#11 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,832 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:36 PM

Posted 12 November 2015 - 03:08 PM

Well, unless said tradesman is seen lurking around your house within signal reach of your hotspot there's not much to worry about anyway, even if he did do a WPS setup on a device.

 

There is the reasonably probable and the remotely possible, and one can drive oneself mad if one decides to focus on every remote possibility.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#12 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 12 November 2015 - 04:16 PM

Yes, britechguy, that is true. At the end of the day you have to go with the reasonably probable. It's the only way you can get on with life.

 

Cheers

 

Itchy01






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users