Wi-Fi is one of the most important parts of our everyday life: we use it to share our internet connection, files and more. In fact, it has become the standard way of getting online, right? And since it is that important, its security matters just as much.
Recently, a new technique was discovered with which the PMKID (Pairwise Master Key Identifier) of a router using WPA/WPA2-PSK security can be retrieved easily, and from it the wireless password can be attacked offline. Until this discovery, an attacker had to wait for a user to log into the network and capture the full 4-way authentication handshake. The new method needs only a single frame, which the attacker can request from the access point directly, simply by associating with it, because sending that frame is a regular part of the protocol. No client has to be connected.
The new method
This new method was discovered by Jens “atom” Steube, the developer of the popular password cracking tool Hashcat, while looking for new ways to attack the WPA3 wireless security protocol. According to Steube, the method works against all routers running 802.11i/p/q/r networks with roaming functions enabled.
The method extracts the RSN IE (Robust Security Network Information Element) from a single EAPOL frame, the first message of the 4-way handshake that the access point sends as soon as a client associates. The RSN IE is an optional field of that frame, and it carries the PMKID, a value the router computes from the PMK and the two MAC addresses (access point and client) when a client tries to authenticate.
If you didn’t know, the PMK (Pairwise Master Key) is derived from the wireless password (the PSK, Pre-shared Key) and the network name (ESSID) using PBKDF2-HMAC-SHA1 with 4096 iterations, and it is the key from which the 4-way handshake between client and router derives the session keys. The PMKID is simply the first 128 bits of HMAC-SHA1 over the string “PMK Name” plus the two MAC addresses, keyed with the PMK. So whoever has the PMKID, the ESSID and the two MAC addresses can test password guesses offline without ever seeing a real client authenticate.
For the full details of the attack, head to Steube’s post on the Hashcat forum.
How long to crack the WPA/WPA2 wireless key?
Well, the method that Steube discovered makes it a lot easier to get your hands on the value that is derived from the PSK (the PMKID), but cracking it is still a brute-force job: every candidate password has to go through the 4096-iteration PBKDF2 derivation before it can be compared, and nothing about the PMKID shortcuts that. Depending on the complexity of the password, cracking the key can still take a very long time.
Unfortunately, many users don’t change the default password that comes printed on the router, and they seem in no hurry to do so. In some cases they simply lack the technical knowledge to do it. According to Steube, as long as users keep the manufacturer-generated PSK, it is relatively easy to run the attack against a large group of WPA users at once.
Certain manufacturers generate default passwords that follow predictable patterns, and with a program like Hashcat, cracking such a password is just a matter of time. Steube states that the AP MAC address (its vendor prefix) and the pattern of the ESSID let an attacker identify the manufacturer of the router without having physical access to it, which tells the cracker which pattern to try. A typical manufacturer PSK of 10 characters can take up to 8 days to crack on a 4-GPU box. That’s too fast, to be honest!
Protecting your router from being cracked
For properly safeguarding your router, it’s time to take action. It isn’t rocket science; all you have to do is change the password! Depending on the manufacturer of your router, you can find lots of useful tutorials on changing it. Don’t forget to use a strong one: a long, randomly generated passphrase (20 characters or more) puts the candidate space well out of reach, and you only have to type it once per device. Changing other encryption settings won’t help, because handing out the PMKID is a regular part of the protocol; in PSK mode the passphrase is the only defence. Check whether your password is strong on LastPass, but never paste a password you actually use anywhere else into a third-party checker.