What is WPS and how does it make your WiFi insecure?

Information, Sun, 08 Jan 2017, 05:29pm GMT

WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal or WPA2 Personal security. WPS doesn't provide support for wireless networks using the deprecated WEP security.

WPS was created by the Wi-Fi Alliance and introduced in 2006. The goal of the protocol is to allow home users who know little about wireless security, and who may be intimidated by the available security options, to set up Wi-Fi Protected Access, and to make it easy to add new devices to an existing network without entering long passphrases.

How do you connect a home network with WPS?

Most home users should be using WPA2-Personal, also known as WPA2-PSK. The “PSK” stands for “pre-shared key.” You set up a wireless passphrase on your router and then provide that same passphrase on each device you connect to your Wi-Fi network. This essentially gives you a password that protects your Wi-Fi network from unauthorized access. The router derives an encryption key from your passphrase, which it uses to encrypt your wireless network traffic so that people without the key can’t eavesdrop on it.

This can be a bit inconvenient, as you have to enter your passphrase on each new device you connect. Wi-Fi Protected Setup (WPS) was created to solve this problem. When you connect to a router with WPS enabled, you'll see a message saying you can use an easier way to connect rather than entering your Wi-Fi passphrase.

WPS is insecure

A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS PIN feature, although this may not be possible on some router models.

PIN: The router has an eight-digit PIN that you need to enter on your devices to connect. Rather than checking the entire eight-digit PIN at once, the router checks the first four digits separately from the last four digits. This makes WPS PINs very easy to brute-force by guessing different combinations. This leaves only 11,000 combinations to try in total, and once the brute-force software gets the first four digits right, the attacker can move on to the remaining digits.
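As an added illustration (not code from the original article), here is a small Python model of the two verifier shapes just described: the flawed split check that answers about the first four digits on their own, beside a whole-PIN check that gives a single yes/no answer. The checksum rule for the eighth digit is taken from the WPS specification, and the lockout count in the hardened verifier is an assumed policy, neither of which the article mentions.

```python
"""Toy model of WPS PIN verification: the flawed split check beside a whole-PIN check.
Constructed for illustration only; nothing here speaks real WPS or touches a radio."""
import hmac


def wps_checksum(first7: str) -> str:
    """The eighth PIN digit is a checksum over the first seven (WPS specification rule)."""
    acc = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(first7))
    return str((10 - acc % 10) % 10)


class SplitVerifier:
    """Flawed registrar: reports a first-half mismatch before looking at the rest."""

    def __init__(self, pin: str):
        self.pin = pin

    def verify(self, guess: str) -> str:
        if guess[:4] != self.pin[:4]:
            return "bad-first-half"  # distinct answer: this is the information leak
        return "ok" if guess[4:] == self.pin[4:] else "bad-second-half"


class WholeVerifier:
    """Hardened registrar: one yes/no answer for the whole PIN, plus a lockout (assumed policy)."""

    def __init__(self, pin: str, max_failures: int = 10):
        self.pin, self.failures, self.max_failures = pin, 0, max_failures

    def verify(self, guess: str) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        if hmac.compare_digest(guess.encode(), self.pin.encode()):
            return "ok"
        self.failures += 1
        return "fail"


def leaks_partial_match(make_verifier) -> bool:
    """Property test: does a correct first half get a different answer than a wrong one?"""
    pin = "1234567"
    pin += wps_checksum(pin)  # constructed sample PIN -> "12345670"
    v = make_verifier(pin)
    return v.verify(pin[:4] + "0000") != v.verify("0000" + "0000")


def worst_case_candidates(leaks: bool) -> int:
    """PINs to try in the worst case: 10**4 + 10**3 if the verifier leaks the half
    match (the 11,000 figure), 10**7 whole PINs (seven free digits) if it does not."""
    return 10**4 + 10**3 if leaks else 10**7
```

Running `leaks_partial_match` against your own registrar implementation is the kind of check that would have flagged this flaw before shipping.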

Push-Button-Connect: Instead of entering a PIN or passphrase, you can simply push a physical button on the router after trying to connect. This is more secure, as devices can only connect with this method for a few minutes after the button is pressed or after a single device connects. It won't be active and available to exploit all the time, as a WPS PIN is. Push-button-connect seems largely secure, with the only vulnerability being that anyone with physical access to the router could push the button and connect, even if they didn’t know the Wi-Fi passphrase.