Pulling WiFi Passwords from Thin Air Makes Hacking Easier

The importance of setting a strong password to protect access to connected devices is highlighted once more by new research in the field of capturing login keys for WiFi access points. The latest technique improves on previous methods, requiring less time and effort to capture the data; it also yields more reliable results.

Attackers after your WiFi passwords need to be in range of your wireless network to sniff the air for a particular type of traffic. Once they get it, they can use freely available utilities to decode it and extract information. The new approach may take up to 10 minutes to retrieve data.

The method works on the first two versions of the WiFi Protected Access (WPA) protocol that secures wireless networks. They are supported by certified devices since 2006. Not all of them are vulnerable to this approach to password theft though; older devices are unlikely to be affected.

For the attack to succeed, the access point must support network roaming, a function that keeps a moving client continuously connected (as in a mesh network), and must have it enabled. Most modern routers have this feature, mainly to extend the coverage of a single router. It could also be enabled when your router connects to a modem supplied by your ISP.

Jens Steube, the lead developer of the Hashcat password-cracking utility, discovered the technique by accident, while looking into a way to attack WPA3, the most recent version of the security protocol. He found that an attacker does not have to wait for or force a user to authenticate and connect to the target network in order to capture the exchange with the access point.

Instead, an attacker can attempt to authenticate directly and capture the data that encodes the WiFi password. This removes the need for a legitimate user, who might in any case type an incorrect WiFi key. Because the information comes straight from the target device, the attacker can be sure the captured data is valid.

Make no mistake: this method does not pull a clear-text version of the WiFi password, just a hash representation of it, a fixed-size code derived from a character string of any length. Once calculated, the hash cannot be converted back to the original data; but attackers have huge files of candidate strings, and they calculate the hash of each one to compare against the code retrieved from your access point.

Having a strong, unique password or passphrase defeats this method. Even if hackers get the hash of your WiFi key, they would have nothing to match it to. All they can do is wait for a method of cracking the hash to become available; by then, there is a good chance you will have moved to a different security key.
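The two points above, that the captured value is a fixed-size hash and that a passphrase absent from every wordlist leaves an attacker nothing to match, can be checked by a network owner against their own passphrase. The following is an added example, not code from the article or from Hashcat; it uses the key derivation WPA/WPA2-PSK actually specifies (PBKDF2-HMAC-SHA1 with the SSID as salt), and goes one step beyond the article by showing that the SSID salts the hash. The SSID, passphrases and wordlist are constructed for the demonstration.

```python
import hashlib
from typing import Iterable, Optional

# WPA/WPA2-PSK derives a 256-bit Pairwise Master Key (PMK) from the passphrase with
# PBKDF2-HMAC-SHA1, using the network name (SSID) as salt and 4096 iterations.
PMK_ITERATIONS = 4096
PMK_LENGTH = 32


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the PMK: a fixed 32-byte value whatever the passphrase length."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PMK_ITERATIONS, PMK_LENGTH)


def wordlist_hit(pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Owner-side audit: hash each candidate exactly as the access point does and
    compare. Returns the matching candidate, or None if the passphrase is not listed."""
    for candidate in wordlist:
        if wpa2_pmk(candidate, ssid) == pmk:
            return candidate
    return None


# Constructed sample wordlist standing in for the "huge files" the article mentions;
# real lists run to hundreds of millions of entries, but the principle is identical.
SAMPLE_WORDLIST = ["password", "12345678", "letmein1", "sunshine", "qwertyuiop"]


def audit(passphrase: str, ssid: str, wordlist: Iterable[str] = SAMPLE_WORDLIST) -> dict:
    """Summarise what a captured hash of this passphrase would give an attacker."""
    pmk = wpa2_pmk(passphrase, ssid)
    return {
        "pmk_hex": pmk.hex(),
        "pmk_bytes": len(pmk),                       # always 32, regardless of input length
        "in_wordlist": wordlist_hit(pmk, ssid, wordlist) is not None,
        # The SSID is the salt: the same passphrase yields a different PMK on another network,
        # so precomputed tables only help against networks with common names.
        "salted_by_ssid": pmk != wpa2_pmk(passphrase, ssid + "-other"),
    }


if __name__ == "__main__":
    # Hypothetical SSID and passphrases, constructed for the demonstration.
    for pw in ("sunshine", "correct-horse-battery-staple-2018"):
        print(pw, audit(pw, "HomeNet"))
```

Running it shows the short dictionary word is matched while the long unique passphrase is not, even though both hashes are the same 32 bytes.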

Image credit: Pixabay
