Can my wireless network be hacked even with WPA2 encryption?

Posted on 2009-04-03
Last Modified: 2012-05-06

I have a question about my wireless home network. I set it up so that it is using WPA2 encryption, a 10 digit numeric key, and security filtering by MAC address. I have not disabled SSID broadcasting.

What I want to know is easily can this setup be cracked? And if it's easy, what should I do to make it more secure so it's almost impossible to crack unless someone tries a brute force attack on the password?

Question by:aseem1234

Assisted Solution

by:Christopher Nienaber
Christopher Nienaber earned 200 total points
ID: 24062726
WPA2 Is honestly the best out there for home use. The only thing that you could do to ensure it is 100% as secure as you can possibly get it is to use EAP encryption rather than TKIP. This should be an option on the router. However you need to ensure that your clients support auto-negotiation to this form of encryption or that they can be forced to use this type of encryption. If you are using scurity filtering based on mac and not allowing rogue mac addresses to connect ot the WAP you can rest easy. Its always a good idea to disable SSID broadcasting if you are certain that any users using the wireless network know how to connect to it.

If you want a good read on wireless encryption protocols check the following:

LEt me know if you have any further questions :)

Expert Comment

by:Christopher Nienaber
ID: 24062779
Also note the following section in the article:

"Weakness in TKIP"

It talks about how the TKIP algorithm in WPA is vulnerable to a similar flaw found in WEP, albeit on a much smaller scale in terms of the size of packets that can be hacked and decrypted.
LVL 38

Accepted Solution

Rich Rumble earned 300 total points
ID: 24065884
Your fairly secure. Also note the "weakness" is for WPA+TKIP not WPA2 + TKIP. One of the best things you have going for you is the use of 802.1x (the mac filtering you talked about). It is possible to spoof ones mac address, so it's not 100%. EAP can get complex to discuss, beacuse you can use eap-tls, peap-ms-chap and using PKI to secure it... EAP relates to 802.1x, and no matter which way you choose to use EAP, it is good to use.
Now the flaw I did see was a "10 digit numeric key". 10 digits would take a long time to brute-force, but it would take much longer to bf an alpha-numeric, varying case pass phrase. Well statistically speaking that is. The genius's ate Elcomsoft figured out a better way to accomplish BF: for WPA and WPA2. Then if someone was really dedicated to getting into your lan, 802.1x would be the next hurdle, but that is typically much easier than cracking the wep/wpa(2)
I don't wait for WPA2 to get weaker still, and I run a VPN over all wifi connections, so I don't have to worry about what protocol the wifi is using. Depending on your WAP, you too can have vpn configured, or make secure connections to other host's over RDP (terminal service, remote desktop), because RDP itself is an encrypted protocol.
Further reading:
Oh, and as far as broadcasting your SSID, personally I don't think it's a big deal if you take the steps to secure the wap.
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.


Expert Comment

ID: 24068910
No, they cannot crack your wireless password.

WPA2 is very strong, also with your mac address filtering (if you set it up so only the mac addresses you choose can connect) will not let anyone connect to your wireless.

May I ask why you think someone might hack your wireless? I doubt anyone would spend so much time trying to get through your security.

Expert Comment

ID: 24776210
Yes, WPA1/2 is vulnerable to dictionary attacks and here is how. There is software aircrack-ng among others that can capture the 4 way handshake.

Once a hacker has the 4 way handshake, they can do an offline brute force attack. If you choose to use WPA1/2 PSK, just make sure you use a password that has letters numbers and symbols. Something you wont find in a dictionary and you will be fine.

Expert Comment

ID: 24776222
also, mac address filter is a low level security posture. 802.11 frames are not encrypted. Someone with an analyzer can see the layer 2 frames. One can simply see the mac and then spoof it to their wlan nic. In fact thats how I share my wifi account at the airports with my freinds. They spoof their macs to the registered mac i have with at&t and get on the airport wireless.

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now