Using Wi-Fi without thinking about protection is next to impossible. For this very reason, the Wi-Fi Alliance has certified the use of WPS, or Wi-Fi Protected Setup. The obvious question that pops into your head is: what is WPS?
Well, let’s decode it.
What is WPS?
Wi-Fi Protected Setup (WPS) is an optional certification based on a technology designed to let users easily protect a network in home or small-business environments. It offers a few easy methods for configuring the network’s security.
How does WPS work?
Now that you know what WPS is all about, you will want to figure out how the system works. The primary approaches to setting up a network with Wi-Fi Protected Setup can be divided into three methods:
1. Push-button configuration (PBC)
On some WPS networks, the user can connect multiple devices and enable data encryption by pushing a button. The access point has either a physical button or a virtual one. The user needs to keep in mind that during the setup process, which lasts only a few minutes after the button is pushed, unwanted devices within range can also join the network.
2. PIN entry
Each device needs a unique Personal Identification Number (PIN) to join the network in WPS. In some cases a fixed PIN is printed on a label or sticker on the device. A dynamic PIN can also be generated and displayed on the device’s screen. PIN is a secure process, since it ensures that the intended device is added to the network and no other device is able to intrude.
A registrar device, which may be the access point itself, can detect a new Wi-Fi device in range and request the PIN from it. It can also authenticate each device in the network. The PIN method is supported on all devices.
3. Near Field Communication (NFC)
NFC is an interface that enables an unregistered device to transfer the network settings. This can be done even without the other device’s PIN. It is often said to be the safest method, since it protects against the intrusion of unintended devices. This is an optional method for WPS.
Advantages of WPS
When WPS configuration was first devised, the media talked a lot about its many advantages. They are:
- Automatic configuration of the network name (SSID) and WPA security key for the other WPA-enabled devices and access point.
- No need to know SSID, security keys or passphrases to connect.
- The security keys can’t be guessed since they are randomly selected.
- Using the Extensible Authentication Protocol (EAP), the information and network credentials can be exchanged online.
- WPS is supported by Windows Vista.
Vulnerability of WPS
Despite all those advantages, WPS has its fair share of vulnerabilities too. In 2011, the U.S. Computer Emergency Readiness Team (CERT) confirmed that there is a big enough loophole in the WPS system that can be breached by any network. According to them, WPS can be hacked. And when that happens, a mischievous user can not only access the network but also get hold of all your personal data, be it your credit card details or your ID.
WPS is accessible through a PIN, which makes the system more vulnerable to hackers. To set up a PIN, a user needs to follow only three simple steps:
- Log in
- Enable PIN
- Create a PIN code of nine digits
Since the PIN code consists of nine digits, the choices for such a combination are limited. The guessing game becomes easier, since the system offers 11,000 possible guesses. The problem is that even an ATM stops accepting further attempts after a few wrong PINs, because it decides on its own that the access is unintended. WPS routers do not have such a system yet, so they keep accepting PINs for as long as the other user wants to enter them.
The push button can also prove helpful to hackers. All it takes is a user who has physical access to the button or the access point. If that user has an authentic client with WPS capability, there is a high chance that the access will be exploited.
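The ATM-style lockout that the paragraph above says routers lack can be modelled in a few lines. This is an added example, not code from the original article or from any router vendor; the class name, the thresholds and the one-second-per-guess rate are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PIN_GUESS_SPACE = 11_000  # number of guesses quoted in the article

@dataclass
class WpsPinLockout:
    """Hypothetical ATM-style lockout for WPS PIN entry (names are assumptions).

    State is kept for the whole access point, not per client, because a
    client's MAC address is trivial to change between attempts.
    """
    max_failures: int = 3      # assumed: failures allowed before locking
    base_lock_s: int = 60      # assumed: first lock period, in seconds
    max_lock_s: int = 3600     # assumed: cap on any single lock period
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

    def attempt(self, now: float, pin_ok: bool) -> str:
        if now < self.locked_until:
            return "rejected-locked"      # even a correct PIN has to wait
        if pin_ok:
            self.failures = self.lockouts = 0
            return "accepted"
        self.failures += 1
        if self.failures < self.max_failures:
            return "failed"
        # Too many misses: lock, doubling the period on each repeat.
        lock = min(self.base_lock_s * 2 ** self.lockouts, self.max_lock_s)
        self.locked_until = now + lock
        self.lockouts += 1
        self.failures = 0
        return "failed-now-locked"

def seconds_to_exhaust(guesses: int, secs_per_guess: float,
                       policy: Optional[WpsPinLockout] = None) -> float:
    """Time for a client that always guesses wrong to use up `guesses` tries."""
    now = 0.0
    for _ in range(guesses):
        if policy is not None and now < policy.locked_until:
            now = policy.locked_until     # wait out the lock
        now += secs_per_guess
        if policy is not None:
            policy.attempt(now, pin_ok=False)
    return now
```

At the assumed rate of one guess per second, `seconds_to_exhaust(PIN_GUESS_SPACE, 1.0)` is about three hours with no lockout, and about 153 days when a `WpsPinLockout()` with these defaults is passed in.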
What the Industry has to Say
Since it has been reported more than once that WPS is vulnerable, the company wants to solve the matter once and for all. As PC Mag reports, Zak Wood, the director of global marketing for TRENDnet, says that in order to find a solution, the company is planning to remove the PIN function and prefers to keep the push function secure.
WPS is designed mainly for people who are clueless about network security. The problem can only be fixed if vendors come forward with new updates. Otherwise, the system is going to be only as secure as an unlocked safe.
[Image credit: Sean MacEntee, Flickr]