WPS. Three acronyms meaning Wifi Protected Setup. Three acronyms that we find next to a small button present in most routers available on the market.
But what exactly is WPS, how is it activated and what can we use it for? Is this an option that strengthens the security of the Wifi network, as its name seems to indicate? Not exactly. In fact, it is a standard that seeks to facilitate the creation of local area wireless networks, better known as WLANs. In other words, it consists of a series of mechanisms to create an internal network, at home or in the office, in a simple and secure way. At least, that’s how it was at first.
The origin of the standard wifi protected setup
The definition of the standard Wifi Proteced Setup goes back to the old age of the internet. I mean, more than 10 years ago. When broadband became commonplace in much of the connected homes. But the fiber optic thing with hundreds of Mbps sounded to us in the distant future. In 2007, the Wi-Fi Alliance, an organization of companies that promote this wireless technology and certify its products, put the WPS standard on the table.
“The Wifi Protected Setup standard allows the average user who has little understanding of the details of the Wifi settings and security settings to automatically set up new wireless networks, add new devices and activate security,” the organization said. The main target at the time was companies. It was intended that anyone in the office could add devices to the local network and could modify the security processes without always having to resort to the support of the technical staff.
Until then, users had to manually create the wireless network name (SSID) and manually enter the security key on each access point to prevent unwanted access. With WPS, SSID, encryption, and authentication protocols are automatically configured. In other words, the WPS standard is not a security system in itself, but defines the mechanisms by which different devices on a network obtain the necessary credentials.
What the WPS are for (and what its drawbacks are)
The main advantage of the WPS function of routers is the simplification of things. This standard gives us a secure way to connect to a local Wi-Fi network without having to type the typical wireless network password of up to 63 characters. Here are its other advantages:
- Automatic configuration of the network name and security key.
- Establishing random keys to strengthen security.
- Network information and credentials are securely exchanged using The Extensible Authentication Protocol (EAP).
However, all these facilities and safety are accompanied by a great disadvantage. One that has been known since 2011 thanks to the work of Stefan Viehbsck. The WPS standard drags a type of vulnerability. That is, there is a way to bypass the protection barriers, guess the PIN and access the home network. To fix this, there are other ways to use this standard (which we’ll explain later) without compromising the security of our network.
And it is that Stefan Viehbsck’s vulnerability affects only the automatic WPS system. The one that activates pressing the WPS button on the router and using the WPS connection on the device to connect, using a PIN instead of the full password. The problem is given because the router, when the PIN is entered, indicates whether the first or second half of the key is correct. Thus, by means of a brute force attack, that is, by testing one PIN after another randomly, you can discover the key.
How to connect to wifi with wps
As we just saw, the vulnerability affects automatic systems that work by means of a PIN that must be entered manually on the device. But, actually, there are three other ways to use the WPS standard to connect to the local Wi-Fi network. The two main ones are PIN and PBC. In the first, as we’ve seen, there has to be a PIN assigned to each item that’s going to connect to the network. And it’s not safe. So you’d better not use it.
The second, Push button configuration or PBC, is the most recommended. To use it, if we are on a computer, when trying to access the network will tell us something like “You can also connect by pressing the button on the router”. At that point we press the WPS button on the router (it will have a logo similar to the one in the image below) for a couple of seconds; and the automatic credential exchange will begin.
If we’re on a smartphone, things change a little bit. THE WPS connection only works with Android 8.0 or lower mobile devices. In more modern models it no longer works (it was removed due to its vulnerability). Otherwise, the process works in a similar way to that of the computer. Press the router button and access, in the smartphone settings, Wifi > Settings > Advanced > WPS pushbutton.
In addition to the PIN and PBC methods there are two others, although they do not yet have certification. NFC (in which credentials are shared using RFID or radio frequency identification connectivity) and USB (credentials are transferred by memory).