New Attack on WPA/WPA2 Discovered, Most Modern Routers at Risk

A new attack on Wi-Fi protected access protocols has been discovered. The new technique to crack WPA PSK (Pre-Shared Key) passwords enables outside users to capture access credentials easily.

The discovery of the attack was accidental – the Hashcat developers came across the new attack while testing the security of the upcoming WPA3 authentication method for wireless networks.

Did you know? WPA3 is the latest version of Wi-Fi Protected Access otherwise known as WPA – a user authentication technology aimed at wireless connections. The Wi-Fi Alliance started developing WPA3 after the discovery of the KRACK vulnerability within the WPA2 protocol. The flaw allowed attackers to gain access to Wi-Fi transmissions guarded by the WPA2 standard. Read more about WPA3.

The new technique captures the Pairwise Master Key Identifier (PMKID) and as explained by the developers that devised it, it works against 802.11i/p/q/r networks with roaming functions enabled. This means that most modern routers are potentially at risk.

What is the difference between the new attack and previous WPA/WPA2 cracks?

According to Hashcat developer Jen “Atom” Steube, the most significant difference between older attacks and the newly discovered method is that an attacker no longer needs another user to be on the targeted network to capture credentials. The only thing needed is the initiation of the authentication process.

The researcher also added that earlier WPA/WPA2 attacks were more challenging to carry out, because “in the past the attacker had to record the WPA four-way handshake to launch an offline attack”. This may sound easy but in fact this type of attack can create a lot of trouble from a technical perspective.

The new attack is much easier to pull off, because “if you receive the PMKID from the access point, you will be able to get into (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: