
New Attack on WPA/WPA2 Discovered, Most Modern Routers at Risk

A new attack on Wi-Fi protected access protocols has been discovered. The new technique to crack WPA PSK (Pre-Shared Key) passwords enables outside users to capture access credentials easily.

The discovery of the attack was accidental – the Hashcat developers came across the new attack while testing the security of the upcoming WPA3 authentication method for wireless networks.

Did you know? WPA3 is the latest version of Wi-Fi Protected Access otherwise known as WPA – a user authentication technology aimed at wireless connections. The Wi-Fi Alliance started developing WPA3 after the discovery of the KRACK vulnerability within the WPA2 protocol. The flaw allowed attackers to gain access to Wi-Fi transmissions guarded by the WPA2 standard. Read more about WPA3.

The new technique captures the Pairwise Master Key Identifier (PMKID) and, as the developers who devised it explain, it works against 802.11i/p/q/r networks with roaming functions enabled. This means that most modern routers are potentially at risk.

What is the difference between the new attack and previous WPA/WPA2 cracks?

According to Hashcat developer Jens “Atom” Steube, the most significant difference between older attacks and the newly discovered method is that an attacker no longer needs another user to be on the targeted network to capture credentials. The only thing needed is the initiation of the authentication process.

The researcher also added that earlier WPA/WPA2 attacks were more challenging to carry out, because “in the past the attacker had to record the WPA four-way handshake to launch an offline attack”. This may sound easy but in fact this type of attack can create a lot of trouble from a technical perspective.

The new attack is much easier to pull off, because “if you receive the PMKID from the access point, you will be able to get into the network if you can guess the [WPA] pre-shared key (PSK)”.

Depending on the length and complexity of the pre-shared key, the success of the attack may vary. It should be noted that most users don’t have the technical capacity to change the PSK on their routers and generally keep the manufacturer-generated key. This gives attackers a starting point for guessing the key. Cracking such a password becomes even easier when manufacturers create PSKs following a pattern that can be traced back to the make of the router.

In a nutshell, here’s why this attack is much better than previous techniques:

– No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
– No more waiting for a complete 4-way handshake between the regular user and the AP
– No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
– No more eventual invalid passwords sent by the regular user
– No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
– No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
– No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string
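To make the last point concrete, here is an added example (not code from the article or from the Hashcat project) that implements the standard IEEE 802.11 derivation of the PMKID from a passphrase and builds the plain hex-string record the list above refers to. The AP and station MAC addresses are constructed; the PBKDF2 and HMAC steps are the ones defined by the standard, and the example shows why the passphrase is the only secret input a defender controls.

```python
import hashlib
import hmac

# Constructed example addresses (not taken from the article).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    The SSID is broadcast in the clear, so the passphrase is the only secret input.
    The 4096 iterations are the entire per-guess cost of an offline attack."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || STA MAC).

    Both MAC addresses are visible on the air, so an observed PMKID can be
    checked offline against any candidate passphrase without a client present."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def pmkid_record(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """The 'regular hex encoded string' form: PMKID*AP_MAC*STA_MAC*SSID_hex."""
    return "*".join([pmkid.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode().hex()])


def parse_pmkid_record(record: str):
    """Inverse of pmkid_record; returns (pmkid, ap_mac, sta_mac, ssid)."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = record.split("*")
    return (bytes.fromhex(pmkid_hex), bytes.fromhex(ap_hex),
            bytes.fromhex(sta_hex), bytes.fromhex(ssid_hex).decode())


if __name__ == "__main__":
    # IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    pmk = derive_pmk("password", "IEEE")
    pmkid = derive_pmkid(pmk, AP_MAC, STA_MAC)
    print(pmkid_record(pmkid, AP_MAC, STA_MAC, "IEEE"))
```

Every value in the record except the PMKID itself is public, which is why the only effective mitigation on the user's side is a long, non-pattern PSK (or WPA3, which replaces this derivation).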

Who is affected?

At this time, the researchers are not sure for which vendors or for how many routers this technique will work, but they definitely think it will work against all 802.11i/p/q/r networks with roaming functions enabled. Put simply, this means most modern routers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
