jana asked:

How to defend against new cracking WPA/WPA2 Passwords

Last night in a meeting we were informed that WPA2 is no longer secure, that a new method for cracking WPA/WPA2 passwords on 802.11 networks has been recently discovered.

Any EE aware of this? How can we protect our WiFi routers against this new threat?
Giovanni

"While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens “Atom” Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks.

The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the received frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that’s done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network.

Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days.

“The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame,” Steube explained.

This makes the attack much easier to pull off, as the attacker doesn’t depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.

Luckily, protecting one’s WPA and WPA2 wireless networks against this attack is as easy as setting a complex, long and random password – and not using the one generated by the router.

Ref: https://www.helpnetsecurity.com/2018/08/07/crack-wpa2-passwords/
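The defence both answers land on is a long, random pre-shared key. As an added example, not code from this thread or from any of the answers in it, the Python below generates such a passphrase, computes how many bits of guessing work it represents, and derives the WPA/WPA2-Personal PSK the way the standard does (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), which is exactly the per-guess cost a cracker has to pay. The guess rate used in the comparison at the bottom is an assumed placeholder for illustration, not a figure from the article or the thread.

```python
import hashlib
import math
import secrets
import string

# Alphabet for generated passphrases (a constructed choice: letters and digits
# only, so the value survives router web UIs that mangle punctuation).
ALPHABET = string.ascii_letters + string.digits


def generate_passphrase(length=24, alphabet=ALPHABET):
    """Return a random WPA2-Personal passphrase using the OS CSPRNG.

    The standard allows 8..63 printable ASCII characters; anything shorter is
    rejected here rather than silently accepted.
    """
    if not 8 <= length <= 63:
        raise ValueError("WPA/WPA2 passphrases must be 8-63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size, length):
    """Bits of guessing work for a uniformly random string of this shape."""
    return length * math.log2(alphabet_size)


def wpa2_psk(passphrase, ssid):
    """Derive the 256-bit PSK as WPA/WPA2-Personal does.

    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations; this is the
    work a cracking tool must repeat for every candidate passphrase.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, dklen=32
    )


def expected_crack_seconds(bits, guesses_per_second):
    """Expected time to hit the passphrase by exhaustive guessing.

    On average half the keyspace is searched before the right value is found.
    """
    return (2 ** bits) / 2 / guesses_per_second


def compare_policies(guesses_per_second):
    """Contrast a short numeric default with a generated 24-char passphrase."""
    weak_bits = entropy_bits(10, 8)            # e.g. an 8-digit router default
    strong_bits = entropy_bits(len(ALPHABET), 24)
    return {
        "weak_bits": weak_bits,
        "weak_seconds": expected_crack_seconds(weak_bits, guesses_per_second),
        "strong_bits": strong_bits,
        "strong_seconds": expected_crack_seconds(strong_bits, guesses_per_second),
    }


if __name__ == "__main__":
    # Assumed, illustrative guess rate; real rates depend entirely on the rig.
    ASSUMED_RATE = 100_000
    result = compare_policies(ASSUMED_RATE)
    print("8-digit numeric passphrase: %.1f bits, ~%.1f hours to exhaust"
          % (result["weak_bits"], result["weak_seconds"] / 3600))
    print("24-char random passphrase: %.1f bits, ~%.2e years to exhaust"
          % (result["strong_bits"], result["strong_seconds"] / (3600 * 24 * 365)))
    candidate = generate_passphrase()
    print("example passphrase:", candidate)
    print("PSK for SSID 'HomeNet':", wpa2_psk(candidate, "HomeNet").hex())
```

The PSK derivation is checked against the standard's published test vector (passphrase "password", SSID "IEEE"), so the function can also be used to confirm that a router which exposes its PSK is really using the passphrase you set. The point of `compare_policies` is that the per-guess PBKDF2 cost is fixed by the protocol; the only lever a network owner controls is the number of guesses needed, which is set by the passphrase length and randomness.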
ASKER CERTIFIED SOLUTION
David Favor

This solution is only available to members.
btan

This WiFi hack also does not work against the next-generation wireless security protocol WPA3, as the latter uses a modern key establishment protocol called ‘Simultaneous Authentication of Equals’ (SAE), which makes it tougher for the tool to crack.

Since the new WiFi hack only works against networks with roaming functions enabled and requires attackers to brute force the password, using a strong passphrase would still work against the Hashcat-based tool. I still see it as sufficient if an appropriate pre-shared secret is chosen and regularly changed.

Lastly, depending on the environment, use certificate-based WPA Enterprise (i.e. systems using WPA2-EAP), which is not impacted. If required, an enterprise-level wireless IPS helps to reduce exposure to attempts at active MitM and anomalous clients that are persistently capturing packets.
jana (ASKER)

Thanx all!
For info on the EE article regarding this attack which you may check on other tips https://www.experts-exchange.com/articles/32690/A-layman's-explanation-and-look-into-Wireless-Security.html
jana (ASKER)

Thanx