Tuesday, July 10, 2018

WPS disappeared in Android P and may never come back

wps android p

With Android P on the horizon, we're all excited to see what the final release brings us. We can expect to see performance improvements and new features like gesture navigation and a new UI. However, we can also expect a myriad of security enhancements, some of which may infuriate users at first. As first reported by AndroidPolice, it appears that Google may be deprecating WPS (Wi-Fi Protected Setup) support when Android P releases. For those who aren't aware, WPS allows you to connect a device to your router simply by pressing a designated button on your router. Some configurations then require you to enter a PIN code on your device.

WPS is inherently insecure because of this PIN-based authentication, with brute force attacks being commonplace against it. WPA2 may be cracked, but you don't even need to use an attack like that if you can just crack the WPS pin. But how do we know support is being dropped for it in Android P? A number of strings relating to the protocol have been marked as deprecated, with no actual documented changes. A Googler has responded saying that the development team has been notified, but that doesn't mean it isn't intentional. Trying to access WPS will return a generic error, which makes this look very intentional.

So what next for those who may need WPS in their daily lives? It's an old security standard and one that's extremely insecure. While it may be useful at home, it's a protocol which should have no place in a commercial setting. It's not a big deal either, as users can just enter the network password on their smartphone instead. It may be inconvenient, but it certainly won't stop people from accessing the internet. You can check out the bug tracker below for the issue. We'll update this article if Google responds.


Source: Google Issue Tracker Via: AndroidPolice



from xda-developers https://ift.tt/2maJz5w
via IFTTT