The Rise and Fall of WiFi Protected Setup

WiFi Protected SetupWiFi Protected Setup or WPS is a protocol created by the WiFi Alliance in 2006 to make setting up a secure WiFi connection as simple as possible. It’s used as an alternative to creating a pre-shared key for WPA or WPA2 security on a router. WPS was created to be easy to use, and is typically set up by either

  • Entering a PIN that’s on a sticker on the device
  • Simultaneously pushing buttons on the router and the device that you want to connect

Recently, Craig Heffner of Tactical Network Solutions developed a method to defeat WPS. His open source tool, Reaver, is able to crack WPS and return the key to connect to a router that’s protected by either WPA or WPA2. This is a major problem, and is akin to the way that WEP has been defeated which have lead to tools that defeat WEP in a matter of minutes.

Consumers are advised to turn WPS off on their routers if at all possible. Some router will allow this, but others do not. Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.”