vulnerabilities
Danger from hackers: Warentest warns of certain mobile WiFi hotspots
Stiftung Warentest is currently testing mobile WiFi hotspots. Even before the results are announced, the testers feel compelled to issue a warning.
© Aramyan / Getty Images
With a WLAN hotspot, it is essential that data and access are protected from external influences. During ongoing tests, Stiftung Warentest found that devices from three major manufacturers had glaring problems.
There are currently 14 mobile WLAN hotspots in the Stiftung Warentest laboratories. The results should come in a few weeks. Unusually early, the experts provide an insight into the ongoing tests – and issue a warning. In three devices, writes Stiftung Warentestsecurity holes were found in connection with the simplified network access called Wi-Fi Protected Setup (WPS).
Stiftung Warentest recommends disabling certain functions
According to the product test, the devices “Asus 4G-N16 Wireless-N300 LTE Modem Router”, “D-Link DWR-933 4G/LTE Cat 6 Wi-Fi Hotspot” and “TP-Link Archer MR500 4G+ Cat6 AC1200 WLAN Dual Band Gigabit” are affected router”. Security gaps were found in the delivery state of these mobile WLAN hotspots, which would enable hackers to carry out various attacks via WPS. Within the wireless network range of the devices, it is therefore possible to eavesdrop on communications, steal data and even use the hotspot as an Internet access point without a password in order to pursue illegal activities at a false address.
Luckily, the problem can be easily eliminated with two devices, because the vulnerability can be switched off: Anyone who disables the WPS function in the system settings of Asus and TP-Link is immediately on the safe side, they say. If you go online via the mobile WiFi hotspot from D-Link, things look different: the security gap is still wide open even if you don’t use WPS. Warentest writes that it may help to change the standard PIN for access via WPS.
Updates already released or in progress
Stiftung Warentest reports that the finds were immediately reported to the manufacturers and the Federal Office for Information Security (BSI). TP-Link has now confirmed this with its own company report and has already published one for the affected device updates.
Asus and D-Link did not remain idle either. D-Link also wants to deliver an update this week, Asus stated that they want to do this “as soon as possible” and, in accordance with the recommendation of the Stiftung Warentest, recommends switching off WPS by then.
This is not the first time Wi-Fi Protected Setup (WPS) has been criticized for being an insecure access technology for all types of WiFi routers. The usually very simple PIN in particular can be found out relatively quickly by attackers. On the other hand, there is only a very limited benefit, because both Apple and Google do not support WPS (anymore). Only Windows laptops benefit from password-free WiFi access.