New Wi-Fi attack cracks WPA2 passwords with ease

Brink

Administrator
Staff member
Local time
2:19 AM
Messages
74,887
Location
Oklahoma
A new way to compromise the WPA/WPA2 security protocols has been accidentally discovered by a researcher investigating the new WPA3 standard.

The attack technique can be used to compromise WPA/WPA2-secured routers and crack Wi-Fi passwords which have Pairwise Master Key Identifiers (PMKID) features enabled.

Security researcher and developer of the Hashcat password cracking tool Jens "Atom" Steube made the discovery and shared the findings on the Hashcat forum earlier this month.

At the time, Steube was investigating ways to attack the new WPA3 security standard. Announced in January by industry body the Wi-Fi Alliance, WPA3 is the latest refresh of the Wi-Fi standard.

WPA3 aims to enhance user protection, especially when it comes to open Wi-Fi networks and hotspots commonly found in public spaces, bars, and coffee shops. The new standard will utilize individualized data encryption to scramble connections -- as well as new protections against brute-force attempts to crack passwords.

However, the aging WPA2 standard has no such protection...


Read more: https://www.zdnet.com/article/new-wi-fi-attack-cracks-wpawpa2-passwords-with-ease/
 

My Computer My Computer

At a glance

64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
Hello Brink


> " ... Pairwise Master Key Identifiers (PMKID) features enabled"


I have absolutely no idea what that phrase may mean.


Anyone ?
 

My Computer My Computer

At a glance

Windows 7 Pro x64Intel i5-8265U8gbIntel Iris Plus 655
Computer type
Laptop
Computer Manufacturer/Model Number
HP 250 G7
OS
Windows 7 Pro x64
CPU
Intel i5-8265U
Motherboard
Intel Coffee Lake
Memory
8gb
Graphics Card(s)
Intel Iris Plus 655
Sound Card
Realtek HDA
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Crucial P5 NVMe 1Tb internal
WD's 4Tb, 3Tb, 2 x 2Tb external
Mouse
Logi wireless
Internet Speed
45 Mbps
Antivirus
AVG
Browser
Firefox 88, Pale Moon 29, Brave 129
Other Info
Combination of i5-8265U with Crucial P5 achieves Crystal Bench scores > 5000

Iris Plus GPU (Whiskey Lake) driver from BioStar

HP 250 G7 is a budget machine
I don't either and it mentions some 802.11 standards that I have no idea about. Reading from the comments it appears that one still needs to crack the hash as the hash is all you get. So if your password is strong it will be hard to crack.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
OS
Windows 7 Ultimate x64

My Computer My Computer

At a glance

64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
Thanks Brink


Somewhat less muddy now - seems this "Pairwise" technique is designed to cache some wifi connection protocols (EAP) to individual AP's so that later re-connection is faster.


Since this only applies to my mobile phone and only in very specific circumstances, whether or not PMKID is enabled (how to tell ?) seems moot. So thank you for the answer - it is very helpful.
 

My Computer My Computer

At a glance

Windows 7 Pro x64Intel i5-8265U8gbIntel Iris Plus 655
Computer type
Laptop
Computer Manufacturer/Model Number
HP 250 G7
OS
Windows 7 Pro x64
CPU
Intel i5-8265U
Motherboard
Intel Coffee Lake
Memory
8gb
Graphics Card(s)
Intel Iris Plus 655
Sound Card
Realtek HDA
Monitor(s) Displays
Generic
Screen Resolution
1366 x 768
Hard Drives
Crucial P5 NVMe 1Tb internal
WD's 4Tb, 3Tb, 2 x 2Tb external
Mouse
Logi wireless
Internet Speed
45 Mbps
Antivirus
AVG
Browser
Firefox 88, Pale Moon 29, Brave 129
Other Info
Combination of i5-8265U with Crucial P5 achieves Crystal Bench scores > 5000

Iris Plus GPU (Whiskey Lake) driver from BioStar

HP 250 G7 is a budget machine
Back
Top