What is WPS on routers, how does it work and why you should disable it

WPS, or Wi-Fi Protected Setup, is a protocol designed specifically for home Wi-Fi networks. Thanks to WPS we can connect to Wi-Fi wireless networks without having to enter the complex WPA or WPA2 password that we have configured in our router. However, having WPS enabled poses a risk to the security of the wireless network itself, so its use is not recommended. Today in RedesZone we are going to show you in detail how WPS or Wi-Fi Protected Setup works.

What is WPS and how does it work?

The vast majority of home devices that we connect to the Internet and the local network do so via Wi-Fi. Smartphones, tablets, smart speakers, lighting, laptops, desktop computers, home automation devices, IP cloud cameras with Wi-Fi and many others are connected to our router by Wi-Fi. All these connections can be made in the traditional way, by entering the complex WPA / WPA2 password, which is still the most secure option today, or by using WPS (Wi-Fi Protected Setup).

To make the concept clear, WPS is an authentication method created to make access to secured networks simple. This connection method was introduced in 2007 with the appearance of the Wi-Fi 4 or Wi-Fi N standard, although the Wi-Fi Alliance has already retired it because it is considered insecure. However, there will be a transition period in which manufacturers of routers and home APs continue to include it for compatibility with older equipment, since that equipment may well not support WPA3. Because the standard was invented 12 years ago, all equipment from Wi-Fi 4 onwards now includes it, and even the operators' routers have this feature, with the aim of giving users a quick and easy way to connect.

Through WPS, any user can connect to a wireless network without having to know the password for that network. WPS allows two connection methods: through the WPS button on the router itself, or by entering a PIN code of exactly 8 digits.

WPS via physical button on routers

If we select the WPS button connection option, we just press the WPS button on our router for a couple of seconds and search for the network with the device we want to connect. The device will find the network and connect automatically without having to enter a PIN code. Logically, after pressing the WPS button we have a window of between one and two minutes to connect without any authentication; after that, this "access" is closed for security. Currently most manufacturers have opted for this option to connect devices to the wireless network, as it is more secure than the PIN entry method.

WPS by entering a PIN code

With the PIN code input method, we can connect to the Wi-Fi wireless network at any time, without having to physically press the WPS button, by entering the WPS PIN code that we have configured in our router. This means we only have to remember a PIN code of exactly 8 digits, and not the complex WPA / WPA2 password that we have in our wireless router.

This WPS method with PIN code entry has undergone changes since it first appeared. The first thing to keep in mind is that cracking the 8-digit WPS PIN does not require trying 100,000,000 combinations, which is what 8 digits from 0 to 9 would give. The number of combinations is much smaller because the 8-digit PIN is internally divided into two sub-PINs of 4 digits each and, furthermore, according to the standard, the last digit of the second sub-PIN is a checksum. Due to this architecture, the combinations that have to be tested to crack a WPS PIN drop from 100,000,000 to only 11,000.
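The arithmetic behind the 11,000 figure can be checked directly. The following is an added example, not code from the article: it implements the publicly documented WPS checksum (the same arithmetic as `wps_pin_checksum()` in wpa_supplicant), validates a PIN, and counts how many second halves remain once the checksum digit is fixed. The function names and the sample PINs are constructed for this illustration.

```python
# Added illustration (not from the article): layout of the 8-digit WPS PIN.
# PIN = 4-digit first half + 3 free digits + 1 checksum digit.

def wps_checksum(first7: int) -> int:
    """Return the checksum (8th) digit for the first seven PIN digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)  # 1st, 3rd, 5th... digit from the right: weight 3
        first7 //= 10
        accum += first7 % 10        # 2nd, 4th, 6th... digit from the right: weight 1
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 ASCII digits and the last one is the correct checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def second_half_candidates(first_half: str) -> int:
    """Count the 4-digit second halves that give a valid PIN with first_half."""
    return sum(is_valid_pin(f"{first_half}{n:04d}") for n in range(10_000))


def search_space(first_half: str = "1234") -> dict:
    """Compare the naive 8-digit keyspace with what the PIN layout leaves."""
    second = second_half_candidates(first_half)
    return {
        "naive_8_digits": 10 ** 8,
        "first_half": 10 ** 4,
        "second_half": second,  # checksum removes one free digit
        # Each half is confirmed on its own, so the counts add, not multiply.
        "halves_tested_separately": 10 ** 4 + second,
    }


if __name__ == "__main__":
    # Constructed sample PINs, not taken from any device.
    for pin in ("12345670", "12345678"):
        print(pin, "valid" if is_valid_pin(pin) else "checksum mismatch")
    print(search_space())
```

Because the two halves add rather than multiply, a longer or more random PIN does not help; only disabling PIN entry removes the exposure.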

Manufacturers try to mitigate WPS vulnerabilities

When different vulnerabilities were discovered in the WPS protocol, manufacturers decided to incorporate methods into their firmware to prevent brute-force attacks, since with 11,000 combinations it is very feasible to discover the PIN in about 24 hours, although this depends on several factors (the chipset of the Wi-Fi card used to audit the Wi-Fi network, the Wi-Fi router, and the distance to that router). This means that currently, if the PIN code is entered incorrectly a certain number of times (in some routers it is 3 times, in others 5 times, etc.), access via PIN is automatically blocked until the router is restarted, to protect against these attacks. In some cases, carrier routers always have the same PIN code set, so cracking it in seconds is completely trivial. In other cases,

Other manufacturers have directly disabled the option of using WPS by entering the PIN, and it is only allowed through the physical button, which we have to press on our router to connect. This is the best way to use WPS without being so vulnerable. It is really rare for any of your neighbors to have the necessary knowledge to steal your PIN, but as a recommendation, you should always disable WPS, especially if you use the PIN for client connection and do not have measures to mitigate brute-force attacks.

Tools to crack the WPS PIN

To understand how someone can get our WPS PIN, let's take the Dumpper tool as an example, since this tool has greatly simplified hacking Wi-Fi networks, and any user can manage to violate the security of a network with active WPS without any great prior knowledge. The creator of this «tool to detect failures in the security of our networks» claims that any user with a minimum of interest and some luck can violate the security of a Wi-Fi network in less than ten minutes just by clicking a couple of times in the tool's interface. Dumpper is software with which we can crack the WPS PINs of nearby routers, see the number of Wi-Fi networks on each channel, ping any network, perform dictionary attacks, and use many other utilities.

Once the tool is started and updated, we choose the network interface and click on Scan within the WPS tab. We will see all the networks within reach of our wireless network card that have the WPS option activated, along with information about each one of them. We can see a circle with 4 possible colors, each corresponding to the probability that the offered PIN is correct. In addition, we can see the MAC address of the access point in question, the channel the network is currently on, its signal quality and the PIN suggested by the tool. If we select one of the networks we can see more information about it. In this way, we can even obtain the model of the router that generates the network we have chosen, which can be useful if we want to find the default password in the tool's dictionary to access the configuration. Finally, we only have to click on WpsWin and wait; if Dumpper manages to get in, a ".txt" file with the WPS PIN is generated automatically, and we only have to use it to connect to the network.

Cracking WPS through a pre-generated PIN that the different tools already know makes it possible to obtain the WPA or WPA2 key the router is using in seconds, only as long as it takes the program to test the previously known PINs, because manufacturers have decided to set the same PIN on all of their wireless routers. This is a very serious security flaw, because trying the same WPS PIN on different routers is enough to get the password.

Other tools

If you are familiar with Linux environments, we recommend you try the WifiSlax distribution, as it includes all the necessary tools to crack WPS. It has tools such as Bully and Reaver to perform wireless audits efficiently, other automated tools such as Bullyciosa, and even tools with dictionaries of the default PINs of different routers, ideal for cracking the WPS PIN in seconds.

Another tool for hacking a Wi-Fi network, this time from an Android device, is WPSapp, which is practically a mirror of Dumpper for Android devices. Once installed it works in the same way as Dumpper: it scans the networks with active WPS and uses a huge library of default keys to give us the PINs with the best chances of success. Once we obtain the PIN, it is done and we have access. Another tool is, for example, WPSPIN, which allows us to use a dictionary and also brute-force attacks.

Security Recommendations Regarding WPS (Wi-Fi Protected Setup)

The solution to all of these WPS vulnerabilities is much simpler than you might think, and it is a recommendation that has already been made more than once: deactivate WPS in the router firmware. It is very simple and it avoids possible intrusion problems. We are going to give you simple steps to deactivate the WPS function on the equipment of the current operators. One step is common to all of them: on every router we enter the interface through its IP address, regardless of the company that provides our service.

For the Movistar HGU you only have to access the Wi-Fi configuration and, in the security section, change the drop-down to "deactivated" and save the settings. Its «configure AP» button lets us set a new code generated automatically from the router's own key dictionary.

For the Livebox Fibra and Livebox Plus (they share firmware and the process is identical) from Orange and Jazztel, you must click on the upper Wi-Fi tab and scroll down a little to reach the "paired by WPS" option, deactivate it and click on save.

For the Vodafone Compal CG7486E, go to the upper Wi-Fi tab, open the WPS section, click on off and then on apply to save the changes. With its «Generate AP PIN» button we can generate a new PIN code, which will be assigned from the router's key dictionary. However, it is recommended to always disable it.

And for the ZTE F680 from the MásMovil group, the design does not allow a WPS PIN to be set: authentication by WPS can only be done through the physical button of the router or from the interface in the WPS PBC tab. So, in this case, we do not run a risk unless we press this button ourselves.

The most current routers from manufacturers such as ASUS, AVM FRITZ!Box, D-Link, NETGEAR and others allow us to disable WPS by PIN permanently and use only the button method to synchronize wireless devices. We can also disable WPS completely. However, with router manufacturers that allow a Mesh network to be configured with different routers, WPS must be activated and working to synchronize the different devices; otherwise, we will not be able to add new nodes to extend the wireless network. What we can do is configure the nodes for the Mesh network via WPS and, once they are configured, disable WPS completely, because they will already have been added.

From RedesZone we hope that this article has helped you. Now that you know everything about WPS, you can defend yourself against anyone who wants to access your network by violating its security, you will know how to make more intelligent use of this connection method and, if you do receive an attack, you will be better prepared to solve the problems it may cause.

The future of WPS: demise in favor of Wi-Fi Easy Connect

WPS will no longer be used in the next generation of wireless equipment, in favor of Wi-Fi Easy Connect. In fact, the latest operating systems are already beginning to stop supporting this protocol for the safety of their users. Wi-Fi Easy Connect provides a simplified method for connecting to wireless networks, making use of QR codes that are easily scanned with our mobile device. In addition, a device compatible with Wi-Fi Easy Connect does not need any graphical user interface, which is ideal for IoT devices. Lastly, this method uses public key cryptography to secure authentication, and is compatible with WPA2 and WPA3.

Nowadays the WPS (WiFi Protected Setup) protocol is no longer compatible with the new WiFi security protocol WPA3; it is only compatible with the WPA and WPA2 protocols. It is therefore a very good sign that the WPS protocol will soon disappear. We must bear in mind that this protocol has been widely used in domestic environments to connect easily and quickly to the wireless network. However, due to all the associated security problems, it is not recommended to use it, not even in its «button» form, because during that window of 60 or 120 seconds any user could connect to the WiFi network. In fact, if someone is using specific programs to audit WPS security, they could easily decrypt the WPA or WPA2 key without having to test the PINs on the router,
