What is Wi-Fi Protected Setup (WPS)?

What is the Wi-Fi Protected Setup (WPS)(also called Push 'n' Connect) feature found on all newer NETGEAR wireless routers? How can I use it to connect devices to my wireless network?

Overview:

Wi-Fi Protected Setup (WPS) is a network security standard that allow users to easily secure a wireless home network, and connect wireless client devices (iPad's etc.) to it, without accessing the router's configuration screens, and without even knowing the wireless network's security key/passphrase. To connect using WPS, both your wireless router and your wireless client device must support WPS. Some of NETGEAR's products use the name Push 'n' Connect for WPS.

Important Note:

A major security flaw was revealed in December 2011 that affects all manufacturer's wireless routers which have the WPS PIN feature. The flaw allows a remote attacker to recover the WPS PIN in a few hours of brute attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key or password. Once the attacker have your networks WPA/WPA2 pre-shared key or password, they can connect to your network without your consent and take advantage.

What is WPS (Wi-Fi Protected Setup)?

WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal or WPA2 Personal security. WPS doesn't provide support for wireless networks using the deprecated WEP security.

In a normal setup, you can't connect a wireless device to a wireless network unless you know its network name (also named SSID) and its password (also named WPA-PSK key). On your devices you must first pick the network you want to connect to and then enter its security password. This is where the WPS comes in to simplify the connection process.

There are several ways you can connect to a wireless network using WPS:

• First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your laptop, tablet or smartphone and select the network you want to connect to. Your device gets automatically connected to the wireless network without entering the network password.
• You may have devices like wireless printers or wireless range extenders with their own WPS button that you can use for making very quick connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices. You don't have to input any data during this process. WPS automatically sends the network password and these devices remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS button again.
• A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically generated and it cannot be changed by users. You can learn this PIN from the WPS configuration page on your router. Some devices without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and connect to the wireless network.
• A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels and the router will use it to add that device to the network.

While the first two methods are both secure and very quick, the last two are insecure and they do not provide any benefits in terms of connecting devices to a wireless network faster than usual. You have to type that eight-digit PIN and typing the wireless network password is just as fast. The fourth method of connecting to a wireless network is even slower because you have to access the router's wireless configuration section and type the PIN provided by the client device.

The Problem With WPS: The PINs is Very Insecure

The WPS standard mandates the use of a PIN on your router. Even if you never use that PIN, the router will generate it. As revealed by security researcher Stefan Viehböck, the WPS PIN is highly vulnerable to brute force attacks. You can read a paper detailing his findings, here. It is a very interesting read even if you are not a technical person.

What Stefan Viehböck has learned is that the eight-digit PIN is stored by routers in two blocks of four digits each. The router checks the first four digits separately from the last four digits. A hacker can brute-force the first block of four digits and move on to the second block. A smart hacker with the right tools can brute-force the pin in as little as 4 to 10 hours. Most hackers should pull this off in about a day.

Once this PIN is brute forced, they can connect to your wireless network and learn your security key, getting complete access to your network.

Who Invented the WPS & When?

WPS was invented by the Wi-Fi Alliance. This is a global non-profit association that promotes Wi-Fi technology and certifies Wi-Fi products, if they conform to certain standards of interoperability. The Wi-Fi Alliance has more than 600 members and it includes many popular companies including Microsoft, Apple, Samsung, Nokia and others. All the important providers of networking equipment are also part of this organization.

This organization owns the Wi-Fi trademark. When you see a device with the Wi-Fi logo on it, it means that it has been certified by the Wi-Fi Alliance.

Wi-Fi Alliance introduced the WPS (Wi-Fi Protected Setup) in early 2007 with the goal of allowing home users who don't want to fiddle with long wireless network passwords and security settings to quickly connect new wireless devices to their networks.

Which Devices Work With WPS?

Since routers are the ones that manage wireless connections through WPS, they are the most popular type of devices providing support for this standard. Modern routers sold by the most important manufacturers of such devices have WPS support. On most routers, WPS is enabled by default.

You will find WPS support on diverse networking equipment. For example, modern wireless printers may have a WPS button for establishing quick connections. Many modern wireless range extenders can be connected to your wireless network only through WPS.

Computers and gadgets of all kinds may provide support for WPS if their operating system is designed to work with this standard. To learn more, read the next section in this article.

Which Operating Systems Provide Support for WPS & Which Don't?

WPS adoption is not that great when it comes to operating systems providing native support for it. Fortunately, the most important operating systems on the market (Windows and Android) work with WPS:

• Windows provides native support for WPS since 2007, when it was first implemented in Windows Vista. Windows 7 and Windows 8 operating systems also work with WPS.
• Android has started to offer native support for WPS at the end of 2011, when version 4.0 Ice Cream Sandwich was launched. All subsequent versions of Android work with WPS.
• Blackberry has started to offer native support for it at the end of 2010, when BlackBerry 6 was launched. All subsequent versions of Blackberry work with WPS.

The list of operating systems which do not have native support for WPS is relatively long and it includes: Apple's OS X and iOS operating systems, Windows Phone and the most popular Linux distributions like Ubuntu or Linux Mint.

Connecting to the router using the WPS button:

1. Make sure that the router is receiving power (its Power LED is lit).
2. Check the WPS instructions for your computer or wireless device.
3. Press the WPS button on the router.
4. Within two minutes, on your computer or WiFi device, press its WPS button or follow its instructions for WPS connections.
   Your computer or wireless device connects to the WiFi network.

Connecting to the router using the WPS wizard:

1. Launch an Internet browser from a computer that is connected to the router.
2. Type http://www.routerlogin.net or http://www.routerlogin.com.
   A login screen displays.
3. Enter the router user name and password.
   The user name is admin. The default password is password. The user name and password are case-sensitive.
   The BASIC Home screen displays.
4. Select ADVANCED > WPS Wizard.
   A note explaining WPS displays.
5. Click the Next button.
6. Select a setup method:
   • Push button. Click the WPS button on this screen.
   • PIN Number. The screen adjusts. Enter the client security PIN and click the Next button.
7. Within two minutes, go to the client device and use its WPS software to connect to the WiFi network.
   The WPS process automatically sets up your wireless computer with the network password when it connects. The router WPS screen displays a confirmation message.

Conclusion

As you can see from this article, WPS is a rather troubled wireless networking standard. While it can make your life easier, it is also vulnerable to attacks and it may be hard to use with some devices. Before you close this article, let us know if have you used WPS to connect your devices to the wireless network. How well did it work for you? Did you choose to turn it off because of its security vulnerabilities?