Wi-Fi Protected Setup

The WPS button (center, blue) on a wireless router

Wi-Fi Protected Setup ( WPS ) is a standard developed by the Wi-Fi Alliance for the simple construction of a wireless local network with encryption, which has been available since 2007.

The goal of WPS is to make it easy to add devices to an existing network.

functionality

In order to achieve this goal, four different models were developed, which are intended to limit the need for settings by the user:

Pin entry: The device has a sticker or a display for a PIN that must be made known to the registrar (e.g. the access point ) for integration into a network . Alternatively, a PIN must be read from the registrar and entered on the client side.
Push Button Configuration ( PBC , English for configuration at the push of a button ): The access point and the devices to be integrated into the network have a physical or software-implemented button for establishing a connection. If this is pressed, a two-minute phase begins in which such devices can join the network.
USB Flash Drive (UFD): A USB stick is used to transport the network setting data between the access point and the devices to be integrated.
Near Field Communication (NFC): The device to be integrated is brought close to the access point in order to exchange the relevant data using near field communication .

To get WPS certification from the Wi-Fi Alliance, an access point must support at least the first two methods. Wireless devices that act as clients only need to support the first method.

Security issue

In many models, activating the WPS-PIN method in the access point means that a third-party device can establish a connection via a brute force method within a few hours and thus receive the security key regardless of the encryption method used.

Immediately after the connection to the access point has been established, the first 4 digits can be read from the associated eight-digit WPS 1.0 PIN; the remaining 4 PIN digits are tried iteratively, which takes a few minutes to a few hours, depending on the required combination. With the eight-digit PIN determined in this way, the WLAN password is then read out in plain text. It is recommended to disable WPS . After logging in, watch out for signs of unauthorized access to the network and reset the Wi-Fi password if necessary.

Many well-known manufacturers are affected, for example Cisco / Linksys (Note: Linksys was sold to Belkin in 2013 ), Netgear , D-Link , Belkin, Buffalo , Zyxel and Technicolor . The WPS function is still active on some of the affected access points, although it has been deactivated in the settings.

Support in operating systems

MacOS and iOS do not support WPS. WPS support has also been removed from the Google operating system from Android 9 (2018). Microsoft currently supports WPS in Windows 10 (version 2004).

Web links

Homepage of the Wi-Fi Alliance

Individual evidence

↑ ^a ^b Viehböck: Brute forcing Wi-Fi Protected Setup. December 26, 2011, pp. 1-9 , accessed on March 3, 2017 (English).
↑ How does Wi-Fi Protected Setup work? Wi-Fi Alliance, accessed January 4, 2012 .
↑ Massive WLAN security gap. Heise online , December 29, 2011, accessed January 4, 2012 .
↑ How to Hack WPA WiFi Passwords by Cracking the WPS PIN . Alex Long. Retrieved February 19, 2015.
↑ WLAN security. Retrieved on August 24, 2015 (German).

[vieh2011-1] Viehböck: Brute forcing Wi-Fi Protected Setup. December 26, 2011, pp. 1-9 , accessed on March 3, 2017 (English).

[2] How does Wi-Fi Protected Setup work? Wi-Fi Alliance, accessed January 4, 2012 .

[3] Massive WLAN security gap. Heise online , December 29, 2011, accessed January 4, 2012 .

[4] How to Hack WPA WiFi Passwords by Cracking the WPS PIN . Alex Long. Retrieved February 19, 2015.

[5] WLAN security. Retrieved on August 24, 2015 (German).