Simple Questions: What is WPS (Wi-Fi Protected Setup)?

If you have configured a wireless router on your own, you have encountered the term WPS in its configuration menus. Or you have have seen a button named WPS alongside all the ethernet ports on the router's back. Do you know what WPS is? What does it stand for and how is it used? Which devices and operating systems provide support for WPS? Learn the answers to these questions and more, from this tutorial.

What is WPS (Wi-Fi Protected Setup)?

WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal or WPA2 Personal security. WPS doesn't provide support for wireless networks using the deprecated WEP security.

In a normal setup, you can't connect a wireless device to a wireless network unless you know its network name (also named SSID) and its password (also named WPA-PSK key). On your devices you must first pick the network you want to connect to and then enter its security password. This is where the WPS comes in to simplify the connection process.

There are several ways you can connect to a wireless network using WPS:

  • First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your laptop, tablet or smartphone and select the network you want to connect to. Your device gets automatically connected to the wireless network without entering the network password.
  • You may have devices like wireless printers or wireless range extenders with their own WPS button that you can use for making very quick connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices. You don't have to input any data during this process. WPS automatically sends the network password and these devices remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS button again.
  • A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically generated and it cannot be changed by users. You can learn this PIN from the WPS configuration page on your router. Some devices without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and connect to the wireless network.
  • A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels and the router will use it to add that device to the network.

While the first two methods are both secure and very quick, the last two are insecure and they do not provide any benefits in terms of connecting devices to a wireless network faster than usual. You have to type that eight-digit PIN and typing the wireless network password is just as fast. The fourth method of connecting to a wireless network is even slower because you have to access the router's wireless configuration section and type the PIN provided by the client device.

The Problem With WPS: The PINs is Very Insecure

The WPS standard mandates the use of a PIN on your router. Even if you never use that PIN, the router will generate it. As revealed by security researcher Stefan Viehböck, the WPS PIN is highly vulnerable to brute force attacks. You can read a paper detailing his findings, here. It is a very interesting read even if you are not a technical person.

What Stefan Viehböck has learned is that the eight-digit PIN is stored by routers in two blocks of four digits each. The router checks the first four digits separately from the last four digits. A hacker can brute-force the first block of four digits and move on to the second block. A smart hacker with the right tools can brute-force the pin in as little as 4 to 10 hours. Most hackers should pull this off in about a day.

Once this PIN is brute forced, they can connect to your wireless network and learn your security key, getting complete access to your network.

Who Invented the WPS & When?

WPS was invented by the Wi-Fi Alliance. This is a global non-profit association that promotes Wi-Fi technology and certifies Wi-Fi products, if they conform to certain standards of interoperability. The Wi-Fi Alliance has more than 600 members and it includes many popular companies including Microsoft, Apple, Samsung, Nokia and others. All the important providers of networking equipment are also part of this organization.

WPS, Wi-Fi Protected Setup, Wi-Fi Alliance, certification, standard, security

This organization owns the Wi-Fi trademark. When you see a device with the Wi-Fi logo on it, it means that it has been certified by the Wi-Fi Alliance.

WPS, Wi-Fi Protected Setup, Wi-Fi Alliance, certification, standard, security

Wi-Fi Alliance introduced the WPS (Wi-Fi Protected Setup) in early 2007 with the goal of allowing home users who don't want to fiddle with long wireless network passwords and security settings to quickly connect new wireless devices to their networks.

Which Devices Work With WPS?

Since routers are the ones that manage wireless connections through WPS, they are the most popular type of devices providing support for this standard. Modern routers sold by the most important manufacturers of such devices have WPS support. On most routers, WPS is enabled by default.

You will find WPS support on diverse networking equipment. For example, modern wireless printers may have a WPS button for establishing quick connections. Many modern wireless range extenders can be connected to your wireless network only through WPS.

Computers and gadgets of all kinds may provide support for WPS if their operating system is designed to work with this standard. To learn more, read the next section in this article.

Which Operating Systems Provide Support for WPS & Which Don't?

WPS adoption is not that great when it comes to operating systems providing native support for it. Fortunately, the most important operating systems on the market (Windows and Android) work with WPS:

  • Windows provides native support for WPS since 2007, when it was first implemented in Windows Vista. Windows 7 and Windows 8 operating systems also work with WPS.
  • Android has started to offer native support for WPS at the end of 2011, when version 4.0 Ice Cream Sandwich was launched. All subsequent versions of Android work with WPS.
  • Blackberry has started to offer native support for it at the end of 2010, when BlackBerry 6 was launched. All subsequent versions of Blackberry work with WPS.

The list of operating systems which do not have native support for WPS is relatively long and it includes: Apple's OS X and iOS operating systems, Windows Phone and the most popular Linux distributions like Ubuntu or Linux Mint.

Conclusion

As you can see from this article, WPS is a rather troubled wireless networking standard. While it can make your life easier, it is also vulnerable to attacks and it may be hard to use with some devices. Before you close this article, let us know if have you used WPS to connect your devices to the wireless network. How well did it work for you? Did you choose to turn it off because of its security vulnerabilities?