Computing and networking has more than its fair share of acronyms. In fact, I would say there are more acronyms in computing than just about any other industry. It is difficult enough if you work within the industry like I do but if you’re a user with more important things to worry about it can be very confusing. So what does WPS mean and why should you care?
WPS stands for Wi-Fi Protected Setup and is used in wireless networking. It was designed to allow devices to quickly access a wireless network without having to know the network name or encryption key. While a great idea in theory, it isn’t so great in practice. Unfortunately, many Wi-Fi routers have WPS enabled by default.
Why WPS was developed
In the early days of Wi-Fi networking, getting a network to connect regularly and reliably used to be a real challenge. Getting a new device to join an existing wireless network could be a nightmare and peer-to-peer connections were even more difficult. In order to help with Wi-Fi setup, WPS was developed.
The idea was that rather than having to find the network name (SSID) and the encryption key, you could use a PIN or physical button on the router controlling the network. If you had access to the router and could push the WPS button, the likelihood was that you had permission to access the network as you were in the building.
Even though WPS is a global standard, Apple and Linux don’t support it. Only Windows, Android and BlackBerry currently supports its use. If you are trying to connect an Apple device to your Wi-Fi network using the WPS button, it will never happen.
How to use WPS
The intent of Wi-Fi Protected Setup is to enable you to set up a wireless network without compromising security too much. It does fail hard at that but I’ll cover that in a bit. First, let us look at how you can use WPS to connect a new device to your network.
If your routers is WPS compatible, there should be a button on the back that will either say WPS or have a pair of arrows in a circle like a recycling sign.
- Bring the device you want to connect to Wi-Fi close to the router.
- Press the WPS button on the back of your router.
- Select Wi-Fi on the device and search for the Wi-Fi network.
- Select join network if prompted and wait for it to connect.
Where you would usually have to enter the network name (SSID) and password, you don’t with WPS. As you have opened up the network to new devices the router will automatically provide the login details to the device for it to store. The device should join the network and connect to the internet without a problem.
To connect using the WPS PIN, you need to explore the network on the device. Let’s use an Android smartphone as the example. You will of course need to know the PIN for this to work. This should be in your wireless config screen on your router or sometimes on a sticker on the bottom of the router.
- Open Settings on your smartphone.
- Navigate to Wireless and networks.
- Enable Wi-Fi and then select the network you want to connect to.
- Select WPS PIN and follow the wizard. Enter the PIN and connect.
Why you should disable WPS immediately
WPS is designed to offer hassle-free Wi-Fi connection without needing to know the SSID and password. You can use a PIN or the hardware button to access the network and be up and running within two minutes.
So far so good right? If you have to push a button, the network is secure. But what about that PIN? Part of WPS mandates the use of an eight digit PIN. Even if you don’t ever use it, the PIN is enabled as it is part of the global WPS standard.
The main issue is that PIN. While it is eight digits long, it is broken up into two lots of four. Only one set of four numbers is required to access the network. If a hacker wanted to access your network, rather than having to break into your house and hit the WPS button or try to hack your WPA2 encryption, they just need to hack the first four digits of the WPS PIN.
Given how quickly that could be done with a brute force attack, a hacker could potentially be in your network in under five minutes. Four digits only has around eleven thousand possibilities whereas an eight digit PIN has over ten million. WPA2 has many more than that, so you can see the vulnerability WPS presents. With the right laptop and software, it would take mere seconds to try all 11,000 combinations.
Google ‘WPS PIN hacking’ and see just how many results there are on the subject. Then see how many tools and tutorials there are showing you exactly how to hack a WPS PIN. There are hundreds of them and most are freely available to anyone. If that isn’t reason enough to turn off WPS, I don’t know what is!
How to disable WPS
Turning off WPS is just a matter of logging into your router and turning the option off. Depending on your router manufacturer, this will likely be on the wireless configuration page. Look for a WPS or Wi-Fi Protected Setup entry and select OFF or disabled and save the setting.
It does mean you will have to set up your network the old fashioned way but considering how more secure you will be as a result, I consider it a no-brainer.
In theory, the push button part of WPS is secure. Someone would need physical access to your router in order to access your network. If they were on your property anyway, they could just take your computer or do what they were planning to do right there and then. The PIN part of WPS is where the weakness lies and the whole reason I recommend you disable WPS right away. Your Wi-Fi network is vulnerable until you do.