Wi-Fi Protected Setup (WPS) is a standard of the Wi-Fi Alliance that simplifies the registration process of end devices in an encrypted WLAN. Thanks to WPS, the WLAN password does not have to be configured on the client. There are four different WPS methods.
What is WPS?
The abbreviation WPS stands for Wi-Fi Protected Setup. It is a standard of the Wi-Fi Alliance from 2007, which simplifies the configuration of clients for logging into an encrypted WLAN. A total of four different WPS methods are available for configuring clients. Among other things, configuration is possible by pressing a button or by PIN.
Entering the WLAN password (pre-shared key – PSK) at the client is no longer necessary thanks to WPS. Since the implementations of WPS in various access points and WLAN routers sometimes have weak points, it is recommended to activate Wi-Fi Protected Setup only for the time when new clients are configured and to deactivate the feature the rest of the time.
Basically, WPS performs the tasks of mutual authentication of WLAN client and WLAN access point and automatic configuration of the WLAN password at the client.
The four different WPS methods
Part of the WPS standard is four different methods for configuring the WLAN client. These four methods are:
- Configuration by pushing a button (push button configuration – PBC)
- Configuration via pin
- Configuration via USB memory
- Configuration via Near Field Communication (NFC).
In the push-button configuration, there is a physical button on the WLAN access point and a software-implemented button on the WLAN client. If the button on the access point and on the client is pressed within two minutes, the client can join the WLAN automatically, since it receives the WLAN password during the configuration phase.
With the PIN method, the access point generates an eight-digit PIN that must be entered on the client-side for login. PIN configuration eliminates the need to enter a long and possibly complex WLAN password.
The USB method uses a USB stick to transfer the WLAN configuration data to the client. The USB stick must first be plugged into the access point and then into the client.
With the NFC method, it is sufficient to bring the client into the immediate vicinity of the access point. It then receives the configuration data via Near Field Communication. After configuration, the client is logged into the WLAN and can communicate within the WLAN range.
For access points or WLAN routers to receive WPS certification from the Wi-Fi Alliance, they must support at least the PIN and push-button methods.
The weak points of Wi-Fi Protected Setup
If WPS is enabled on the router or access point, an unauthorized person with physical access to the device can register any client on the WLAN using Push Button Configuration, for example. The PIN method is also very vulnerable if the PIN is statically specified by the access point and can be read off the back of the router, for example.
Often, the PIN can also be derived from the MAC address of the router or the access point. Since the number of possible combinations of the PIN is very small compared to a strong WLAN password, brute force attacks on the PIN method have a good chance of success in finding the PIN by trial and error in a relatively short time.
If you want to use Wi-Fi Protected Setup securely, it is recommended to activate WPS only for the period of time for which new clients are to be connected to the network.