Steve Smith explains what WPS is and why it makes WPA so incredibly insecure, as a result.
Episode #3-05 released on October 14, 2012
The WPS Feature, also named Wifi Protected Setup, is a simplified utility that allows inexperienced users to connect their wireless devices using an 8 digit numerical pin to allow for an exchange that will function using WPA. WPA is one of the most secure wireless protocols available for consumers to this date. In order to be Wireless Fidelity certified, all routers must meet a minimum specification that includes, but is not limited to, the mandatory inclusion and default activation of the WPS feature. Like UPNP, this feature is designed to minimize the occurrence of users calling for technical support. This is where WPS is a problem.
The first issue with WPS is the fact that, in order to be WiFi certified, you have to have WPS on by default. You may, also, add a button for simpler usage, the pin has to be 8 digits, and numerical. At 8 digits, the standard numerical password of 8 digits is only 10 to the power of 8 strong. In the case of WPS, the first 4 digits are verified first, so 10 to the power of 4, or 1 in 10000, the second half is also 4 digits long, but the last number is a checksum, so it is only 10 to the power of 3, or 1/1000. This gives a possible chance of 1 in 10, 000, 000. A standard 8 digit pin would have been 1 in 100, 000, 000, ten times stronger and a lot longer to guess. With a program guessing the first 4 digits, then last 4 digits, once every 15 seconds, it would only take 45 hours, 50 minutes to make a guess against WPS. Take away repeating sequential digits, and you may lessen that time dramatically. The continuous guessing may, also, force the router to disable itself, or make it fail, as well. If the whole 8 digit pin was verified as a whole, it would take longer to guess, and if the addition of a three guess system was applied, make it impossible to access. The companies did not do that in order to make this system easier. Worst yet, many routers have the Pin printed onto the device itself, so if anyone could handle the machine itself, access to the network would be assured. If the pin was changed for an 8 character password including small, capital and numbers, the statistical probability is now 62 to the power of 8, or 1 in 218, 340, 105, 584, 896 probability. Needless to say, it is still not secure, considering a 16 character password of small, and capital letters and numbers comes out to 62 to the power of 8, or way too long to continue writing, and still not considered secure by cryptology standards.
With all this, why do you care? Well, consider this, WPS is a cancer to the security of WPA, which is in itself just as secure as the length of your password, and the palette of characters you choose to include. However, once you have access to a router, you have the ability to view shared files, access the computers, take advantage of UPNP, if enabled, to punch wholes in the firewall allowing for other hackers to reap havoc, etc... In order to protect yourself for these kinds of localized attacks that can only been done within range of your wireless, you need to turn off WPS, not an easy feat if your using a Cisco, or Linksys Router. If your router is listed in the DD-WRT database, you may swap your firmware with Tomato, which does not support WPS anyway, which will make your router safer, or just buy an Apple Airport, link in the show notes. Apple Airports do not have WPS activated by default, supply a new pin every time it is used, and once the device is connected, the WPS feature is turned off again. Making a brute force attack unlikely in the case of any Apple Airport, or any DD-WRT capable device with Tomato firmware enabled.
Next week, I'll be talking about the differences between WEP and WPA, and explain why WPA is the only one of the two you should ever use, a once and for all look at WPA and why it is the choice for wireless until something better comes along.
Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions