Cybersecurity expert warns about this use of WiFi on your mobile: «Your data travels through the air without any protection.»

Using your mobile phone’s Wi-Fi is an everyday occurrence for everyone. It’s automatic and invisible. But there are features enabled that can leave your data completely exposed.

These days, connecting to a Wi-Fi network with your phone, whether at home, a friend’s house, or even a library, is something you do without thinking. A simple click and the connection is established.

However, there’s a serious problem of overconfidence in this service, with many assuming they’re safe simply because it’s encrypted with a password.

Cybersecurity experts have been warning for some time that there are router features that can bypass even the strongest password. And the worst part is that these features often come enabled by default, without the user even realizing it.

This is where Wi-Fi Protected Setup (WPS) comes in, a feature designed to simplify the process of connecting or pairing devices to the network while simultaneously ensuring its security.

How the famous WPS on your WiFi router works

This technology was created by the WiFi Alliance in 2006 to simplify the process of connecting devices. Connecting a device to a WiFi router usually involves entering a password. If you’ve truly ensured it’s secure, these passwords are often long and complex to prevent unauthorized access.

However, if you’ve ever tried connecting your WiFi to a friend’s phone, for example, you know this can be quite cumbersome. This is where the WPS button comes in. By pressing this button, the router allows compatible devices to connect to the network without needing a password.

When you press it, the router starts searching for compatible devices. If it finds one that supports WPS, the two will pair automatically. It’s worth noting that if nothing connects to the router within approximately two minutes, it will stop searching to ensure your security.

The original idea behind WPS was good. However, the problem is that on many routers, WPS works with an eight-digit PIN. And here’s the serious flaw: that PIN isn’t checked in its entirety, but rather in parts. This drastically reduces the number of combinations needed to guess it correctly.

In practice, an attacker doesn’t need years to bypass the protection. They can do it in hours, even minutes, with the right tools. And once the PIN is compromised, the router hands over the Wi-Fi password without any problem.

It doesn’t matter if you use WPA2 or WPA3, it doesn’t matter if your password is very long. The attack isn’t against the password itself, but against that backdoor that the router leaves open.

Some routers only allow WPS via a physical button, which reduces the risk, but doesn’t eliminate it. During those few seconds that the button is active, anyone within range can gain access. That’s why the experts are clear: if you don’t need it, disable it.

Source: www.computerhoy.20minutos.es