Wi-Fi Protected Setup (WPS) is a method common on home access points for users to connect without having to type in a long encryption key. Instead a PIN is printed on the access point and anyone with physical access can add themselves to the wireless. This has always seemed kind of hinky to me so I disable WPS after all my devices are setup.
Research posted earlier this week by Stefan Viehbock reports WPS design flaws and implementation flaws that can result in an attacker accessing your network.
Flaw #1 – WPS is vulnerable to brute force attacks
Flaw #2 – The access point sends a authfail if the first half of the PIN is incorrect. Uh huh.
A brute force tool has been written but has not been released at the time of this posting.
Where possible, users should disable WPS on their home access point when they are not actively adding new wireless clients.