The correct answer is false because a WPS PIN attack can be performed remotely. Attackers do not need physical access to the router; instead, they exploit the WPS PIN feature to gain access to the network by using software tools that attempt to brute-force the WPS PIN, which is an 8-digit number. Such attacks often exploit the fact that the PIN is validated in two halves, which reduces the number of attempts needed to guess the correct PIN.