Networking – How to configure the Linksys routers to resist the WPS brute-force vulnerability

Tags: security, wireless-networking

US-CERT recently released Vulnerability Note VU#723755.

http://www.kb.cert.org/vuls/id/723755

In short, this describes how modern wireless routers can have their PSKs discovered within just a matter of hours – even if they're using WPA2 with a strong PSK.

The exploit is done by abusing a design flaw in the Wi-Fi Protected Setup (WPS) feature that is common to most routers. The WPS PIN can be (relatively) easily brute-forced, and this can lead to revelation of the WPA2 PSK. This remains effective even if the victim changes their PSK. The only known work-around is to disable the WPS feature.

I personally don't use the WPS feature at all. I use randomly-generated 63-character PSKs which I either manually enter or cut-and-paste to client devices. The fact that there is a side-channel attack which can easily circumvent this protection bothers me a bit. So, I'd like to disable the WPS feature as suggested.

However, on my Linksys routers (WRT400N and E3000), I can't see a way to do that.

When I go to the Wireless section of my routers' configuration sites (both appear the same, with regard to this post), I see this:

[screenshot]

Below that are my basic wireless radio configuration options (Network Mode, Network Name (SSID), Channel Width, Wide Channel, Standard Channel, SSID Broadcast) for each of the 2.4 and 5 GHz bands. Nothing here, aside from the Wi-Fi Protected Setup radio button, addresses anything related to security.

If I go to the Wireless Security section, I only see the options for configuring my passphrase on each band. No mention of Wi-Fi Protected Setup in there.

However, if I select the Wi-Fi Protected Setup radio button under Basic Wireless Settings, I see this:

[screenshot]

Obviously, I've obscured the PIN here. Also, below this section are configuration details of the WPA2 PSKs for each radio band. The key element I'm concerned with though, is where it says "Wi-Fi Protected Setup Status: Configured". Does this mean that my router still has the WPS service active, despite the fact that I'm not using it? If so, how can I disable it on this router? Is there an option I'm missing?

NOTE: I've checked and found a firmware update for the WRT400N, but the E3000 is already running the most current version. Also, I don't see anything in the Release Notes for the WRT400N's update which seems to be addressing my issue.

Best Answer

While not an ideal solution, installing the DD-WRT or Tomato custom firmwares will resolve this, as they do not implement WPS.
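An access point that offers WPS advertises it in its beacon frames through a vendor-specific information element (OUI 00:50:F2, type 4), so a beacon captured from your own router shows whether WPS is still exposed after a settings or firmware change. The following is an added example, not part of the original question or answer: it parses the tagged parameters of a beacon and reports the WPS state and AP-setup-locked flags. The sample bytes are constructed, and getting the raw tagged parameters out of a capture is assumed to be done elsewhere.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")    # Microsoft OUI + type 4 = WPS
ATTR_STATE, ATTR_AP_LOCKED = 0x1044, 0x1057  # WPS attribute IDs
STATE_NAMES = {1: "not configured", 2: "configured"}

def iter_elements(ies: bytes):
    """Yield (element_id, payload) from a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        payload = ies[pos + 2 : pos + 2 + length]
        if len(payload) < length:       # truncated capture: stop, do not guess
            return
        yield eid, payload
        pos += 2 + length

def parse_wps_attrs(body: bytes) -> dict:
    """Parse WPS TLVs: 2-byte type, 2-byte length (big-endian), value."""
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4 : pos + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(ies: bytes) -> dict:
    """Report whether the beacon advertises WPS, plus its state/lock flags."""
    for eid, payload in iter_elements(ies):
        if eid == 0xDD and payload[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(payload[4:])
            state = (attrs.get(ATTR_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_AP_LOCKED) or b"\x00")[0] == 1
            return {"advertised": True,
                    "state": STATE_NAMES.get(state, "unknown"),
                    "ap_setup_locked": locked}
    return {"advertised": False, "state": None, "ap_setup_locked": False}

# Constructed samples: an SSID element, with and without a WPS element
# (WPS version 0x10, state 2 = configured).
SSID_IE = bytes([0x00, 4]) + b"home"
WPS_BODY = bytes.fromhex("104a000110" "1044000102")
WPS_IE = bytes([0xDD, 4 + len(WPS_BODY)]) + WPS_OUI_TYPE + WPS_BODY
SAMPLE_WPS_ON, SAMPLE_WPS_OFF = SSID_IE + WPS_IE, SSID_IE

if __name__ == "__main__":
    print(wps_status(SAMPLE_WPS_ON), wps_status(SAMPLE_WPS_OFF))
```

A state of "configured" in this element only says the AP has been set up; the element being present at all is what shows WPS is still being advertised.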