Can my wireless network be hacked even with WPA2 encryption?

Posted on 2009-04-03
Last Modified: 2012-05-06

I have a question about my wireless home network. I set it up so that it is using WPA2 encryption, a 10 digit numeric key, and security filtering by MAC address. I have not disabled SSID broadcasting.

What I want to know is easily can this setup be cracked? And if it's easy, what should I do to make it more secure so it's almost impossible to crack unless someone tries a brute force attack on the password?

Question by:aseem1234

Assisted Solution

by:Christopher Nienaber
Christopher Nienaber earned 200 total points
ID: 24062726
WPA2 Is honestly the best out there for home use. The only thing that you could do to ensure it is 100% as secure as you can possibly get it is to use EAP encryption rather than TKIP. This should be an option on the router. However you need to ensure that your clients support auto-negotiation to this form of encryption or that they can be forced to use this type of encryption. If you are using scurity filtering based on mac and not allowing rogue mac addresses to connect ot the WAP you can rest easy. Its always a good idea to disable SSID broadcasting if you are certain that any users using the wireless network know how to connect to it.

If you want a good read on wireless encryption protocols check the following:

LEt me know if you have any further questions :)

Expert Comment

by:Christopher Nienaber
ID: 24062779
Also note the following section in the article:

"Weakness in TKIP"

It talks about how the TKIP algorithm in WPA is vulnerable to a similar flaw found in WEP, albeit on a much smaller scale in terms of the size of packets that can be hacked and decrypted.
LVL 38

Accepted Solution

Rich Rumble earned 300 total points
ID: 24065884
Your fairly secure. Also note the "weakness" is for WPA+TKIP not WPA2 + TKIP. One of the best things you have going for you is the use of 802.1x (the mac filtering you talked about). It is possible to spoof ones mac address, so it's not 100%. EAP can get complex to discuss, beacuse you can use eap-tls, peap-ms-chap and using PKI to secure it... EAP relates to 802.1x, and no matter which way you choose to use EAP, it is good to use.
Now the flaw I did see was a "10 digit numeric key". 10 digits would take a long time to brute-force, but it would take much longer to bf an alpha-numeric, varying case pass phrase. Well statistically speaking that is. The genius's ate Elcomsoft figured out a better way to accomplish BF: for WPA and WPA2. Then if someone was really dedicated to getting into your lan, 802.1x would be the next hurdle, but that is typically much easier than cracking the wep/wpa(2)
I don't wait for WPA2 to get weaker still, and I run a VPN over all wifi connections, so I don't have to worry about what protocol the wifi is using. Depending on your WAP, you too can have vpn configured, or make secure connections to other host's over RDP (terminal service, remote desktop), because RDP itself is an encrypted protocol.
Further reading:
Oh, and as far as broadcasting your SSID, personally I don't think it's a big deal if you take the steps to secure the wap.
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.


Expert Comment

ID: 24068910
No, they cannot crack your wireless password.

WPA2 is very strong, also with your mac address filtering (if you set it up so only the mac addresses you choose can connect) will not let anyone connect to your wireless.

May I ask why you think someone might hack your wireless? I doubt anyone would spend so much time trying to get through your security.

Expert Comment

ID: 24776210
Yes, WPA1/2 is vulnerable to dictionary attacks and here is how. There is software aircrack-ng among others that can capture the 4 way handshake.

Once a hacker has the 4 way handshake, they can do an offline brute force attack. If you choose to use WPA1/2 PSK, just make sure you use a password that has letters numbers and symbols. Something you wont find in a dictionary and you will be fine.

Expert Comment

ID: 24776222
also, mac address filter is a low level security posture. 802.11 frames are not encrypted. Someone with an analyzer can see the layer 2 frames. One can simply see the mac and then spoof it to their wlan nic. In fact thats how I share my wifi account at the airports with my freinds. They spoof their macs to the registered mac i have with at&t and get on the airport wireless.

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now