Recent news revealed a developer of a password cracking tool blogged on saying the secure wireless protocol Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access II (WPA2) password can be obtained easily. The saving grace is that the developer found the weakness during the examination of the new and more secure WPA3. It can get fairly technical in the attack, and for the non-IT geek, and most may even just say "if it ain't broken, don't fix it".
Case in point is that there is no patch to remediate this weakness. You can only mitigate. The risk is trivialized. Hopefully, through this article, will at best share in more layman terms how it can impact you and what you can do about it.
Basic understanding of Wi-Fi Authentication
Before we even take a look at the vulnerability, we need to at least know how Wi-Fi authentication works - what actually goes on behind the scenes to get you wirelessly connected. A typical home setup is your machine gets connected to a Wi-Fi Access Point which is wired to a modem gateway in order to get you onto the Internet.
The password gets a check by the simple Access Point which serves as an authenticator cum authenticator server. This authentication scheme, in a broad sense, is actually termed as 802.1x authentication - typically using EAPOL (Extended Authentication Protocol over LAN).
For any new connection, there is always the 4-way handshake (excluding the start and success packet) frame exchanges.
1. EAP Request Identity: When a user (802.1x supplicant) attempts to connect to the Enterprise AP (Authenticator).
2. RADIUS Access-Request/Challenge: When RADIUS (Authentication server) verifies identity and send back challenge*
3. EAP Response: When a user provides the credential, such as a username as well as a password or certificate**
4. RADIUS Access-Request/ Accept: When RADIUS verifies the credentials and sends an accept or rejects the packet.
* Challenge includes authentication (EAP) method which can be PEAP (Protected Extensible Authentication Protocol), MD5 (Message Digest 5), TLS (Transport Layer Security), TTLS (Tunneled Transport Layer Security), or another similar method.
** These are the two typical categories of authentication
There are more details but this should be enough to appreciate the weakness.
What is the vulnerability?
The weakness exists in the AP router that has its roaming setting enabled. Most modern routers support such seamless wireless roaming experience. It does it using a cached secret so that users do not go through the lengthy 4-way check upon re-connection as the user roams around a building or area. It is claimed to work against all 802.11i/p/q/r networks with roaming functions enabled.
Going deeper, there exists the RSN IE (Robust Security Network Information Element) in the packet which includes a Pairwise Master Key (PMK) identity number (PMKID). This is a key that can be easily cracked - why? The only secret is the PMK is derived from user password and SSID (a wireless identifier to connect or targeted). The rest are also known information which includes the MAC addresses. These can be easily retrievable or sniffed over the connection. This is demonstrated and shared on the following blog.
Using a weak password makes it an easy feat for a cracking tool to retrieve the password. It is also important to note that, as the SSID is also used to calculate the PMK, with the same password but a different SSID, we would end up with a different PMK.
What is the whole attack about?
The attack is performed through a single EAPOL frame (earlier mentioned in the basic) which will have the RSN IE and hence the PMKID. Once a valid PMKID packet is captured, the latter can be converted to an attack tool format (in this case, tool is called hashcat) for offline cracking. This is a new way to recover the WPA2-PSK passphrases from vulnerable devices.
The goodness of the attack is that it does not require client interaction or a 4-way handshake which may trigger network security devices like a wireless intrusion detection device.
Check out others' testing and tips in running the tool.
What can I do then?
Now that we know the weakness (hopefully), the most straightforward solution is to have a strong password such as a passphrase. But there is no forever panacea. As technology advances in hardware such as the GPU, which Hashcat uses to speed up the cracking process, more hacker's cracking tools will also get faster to reveal the password.
Single factor using a password (WPA/WPA2-PSK) is no longer a secure means for long term though it is simpler to implement for a wireless setup. Raise the bar (especially for Enterprise) by going for a more secure authentication method using certificate or token (WPA2-EAP (EAP), aka WPA Enterprise.
The other means which I see will be the way forward is to go for WPA3. Even the developer of the cracking tool noted that it’s “much harder to attack because of its modern key establishment protocol called ‘Simultaneous Authentication of Equals’ (SAE).”
The short of it is that the custodian of Wi-Fi standards (Wi-Fi Alliance) says that SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in a quick succession. It will block authentication requests after several failed attempts, hence limiting the impact of such brute-force attacks. Also, it uses forward secrecy which ensures attackers who discover a Wi-Fi network's password cannot decrypt old traffic captures sent inside that network by others.
If I heed the advice, am I safe now?
Yes, against this new attack. No, as the 4 way handshake is still flawed so moving to the stronger version is advised. Importantly, you need to maintain a wireless security baseline posture, otherwise be susceptible to opportunistic attack. Here is a short checklist to kick start in your journey to secure the Wi-Fi networks with basic hygiene level.
Hope this article provides a better appreciation. It is an arms race so start securing your Wi-Fi connection/network now.