by ytjohn 4178 days ago
You do have a good point there. It could work for home/apartment building attacks.

I'm not sure how many people know about the WPS button most routers have now, but I've got several people using it. It's rather slick when it works (I've only had it fail on HP printers). Windows 8 actually tells them to press the button. I think Android could make this more blatant to spread adoption.

You select the network on your device and press the WPS button and a few seconds later it's synced. Never need the password again.


WPS makes stealing the WPA PSK as trivially easy as WEP. Basically, WPS protects the WPA key with a 7-digit PIN - cracking that PIN is enough to authenticate with the router and have it provide the encryption key.

It seems like this should be easy to defend against, but everything I've ever read about WPS says no one seems to be putting any such protections in place.

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Brute-for...

>WPS protects the WPA key with a 7-digit PIN - cracking that PIN is enough to authenticate with the router and have it provide the encryption key.

Not only that, but routers verify the first and second halves of the PIN separately. So instead of brute forcing in a keyspace of 10000000, you only need to find one number up to 10000, and a second number up to 1000. (The second half of the PIN is actually a 4-digit number as well, but the last digit is just a checksum digit.)

If it weren't for that issue, attacks would take months/years instead of minutes/hours.
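Added example, not part of the thread: a small Python model of the arithmetic in the comment above. It derives the number of candidates left when the two halves are confirmed separately, then shows how a lock-after-N-failures policy changes the worst-case time to exhaust them. The checksum routine is the standard WPS PIN checksum; the 2-second attempt time and the lockout values are assumptions chosen for illustration.

```python
# Added illustration. Timing and lockout figures are assumptions, not measurements.

def wps_checksum(body7: int) -> int:
    """Checksum digit for the first 7 PIN digits (weights 3,1,3,... from the right)."""
    accum = 0
    while body7:
        accum += 3 * (body7 % 10)
        body7 //= 10
        accum += body7 % 10
        body7 //= 10
    return (10 - accum % 10) % 10

def valid_second_halves(first_half: int) -> int:
    """Count 4-digit second halves whose last digit is a correct checksum."""
    return sum(
        1 for s in range(10_000)
        if wps_checksum(first_half * 1000 + s // 10) == s % 10
    )

def worst_case_guesses(split: bool) -> int:
    """Candidates to try: halves confirmed separately vs. the PIN checked as a whole."""
    second = valid_second_halves(0)          # 1000: the checksum fixes the last digit
    return 10**4 + second if split else 10**4 * second

def exhaust_seconds(guesses, secs_per_try, fails_before_lock=0, lock_secs=0):
    """Worst-case time to try every candidate under lock-after-N-failures."""
    total = guesses * secs_per_try
    if fails_before_lock:
        # Worst case: every guess but the last fails; each full batch triggers a lock.
        total += ((guesses - 1) // fails_before_lock) * lock_secs
    return total

if __name__ == "__main__":
    day = 86_400
    for label, split in (("halves checked separately", True), ("PIN checked whole", False)):
        n = worst_case_guesses(split)
        print(f"{label}: {n} guesses")
        print(f"  no lockout, 2 s/try (assumed): {exhaust_seconds(n, 2) / day:.1f} days")
        print(f"  3 fails -> 1 h lock (assumed): {exhaust_seconds(n, 2, 3, 3600) / day:.1f} days")
```

With these assumed figures the split check drops the unthrottled worst case from roughly 231 days to about 6 hours, and a one-hour lock after three failures pushes it back out to roughly 153 days.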

I've also read that if you have the PIN, you can get the password even after WPS is turned off, which means it's a permanent pwn.

Random comment I read somewhere, so may not be reliable.

WPS push button and WPS PIN are two separate features. If you only have WPS Push Button enabled you are not vulnerable.
But WPS PIN is the default, mandatory WPS method. WPS Push Button is an optional part of the spec.