Created by Cisco and introduced in 2006, the protocol is intended to let home users who know little about wireless security, and who may be intimidated by the available security options, set up Wi-Fi Protected Access, and to make it easy to add new devices to an existing network without entering long passphrases.[2]
A major security flaw, revealed in December 2011, affects wireless routers with the WPS PIN feature, which most recent models have enabled by default.[3]
Users have been urged to turn off the WPS PIN feature,[4] although this may not be possible on some router models.
Other than purely informative type–length–values, those IEs will also hold the possible and the currently deployed configuration methods of the device.
The exact stream of messages may change when configuring different kinds of devices (AP or STA), or when using different physical media (wired or wireless).[11][12]
In December 2011, researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible on WPS-enabled Wi-Fi networks.
The ease or difficulty of exploiting this flaw is implementation-dependent, as Wi-Fi router manufacturers could defend against such attacks by slowing or disabling the WPS feature after several failed PIN validation attempts.[3]
A young developer based in a small town in eastern New Mexico created a tool that exploits this vulnerability to prove that the attack is feasible.
This attack works only on the default WPS implementation of several wireless chip makers, including Ralink, MediaTek, Realtek and Broadcom.
All WPS methods are vulnerable to usage by an unauthorized user if the wireless access point is not kept in a secure area.
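The defence mentioned above, slowing or disabling WPS after several failed PIN validation attempts, can be modelled as a small registrar-side state machine. The sketch below is an added example, not code from any router vendor or from the original page; the class name, thresholds and timings are assumed policy values chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class WpsPinGuard:
    """Throttle for PIN validation: back off after failures, then disable PIN mode."""
    free_failures: int = 3       # assumed: failures tolerated before any delay
    base_lock_s: float = 60.0    # assumed: first lockout duration in seconds
    max_lock_s: float = 3600.0   # assumed: cap on the exponential backoff
    disable_after: int = 10      # assumed: failures before PIN mode is switched off
    failures: int = 0
    locked_until: float = 0.0
    disabled: bool = False

    def allow(self, now: float) -> bool:
        """May a PIN validation attempt be processed at time `now`?"""
        return not self.disabled and now >= self.locked_until

    def record(self, now: float, success: bool) -> None:
        """Update state after an attempt that allow() admitted."""
        if success:
            self.failures = 0
            return
        self.failures += 1
        if self.failures >= self.disable_after:
            self.disabled = True  # stays off until an administrator re-enables it
        elif self.failures >= self.free_failures:
            exp = self.failures - self.free_failures
            lock = min(self.base_lock_s * 2 ** exp, self.max_lock_s)
            self.locked_until = now + lock


def seconds_to_exhaust(candidates: int, attempt_s: float,
                       guard: Optional[WpsPinGuard]) -> Optional[float]:
    """Time for `candidates` consecutive wrong PINs, each taking `attempt_s`.

    Returns None when the guard disables PIN mode before the list is exhausted.
    """
    now = 0.0
    for _ in range(candidates):
        if guard is not None:
            if guard.disabled:
                return None
            now = max(now, guard.locked_until)  # wait out any active lockout
        now += attempt_s
        if guard is not None:
            guard.record(now, success=False)
    return now
```

Comparing `seconds_to_exhaust(n, t, None)` with the same call under a guard shows how much a given policy stretches the search, which is the implementation-dependent difference the text describes.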