A new attack on Wi-Fi protected access protocols has been discovered. The new technique to crack WPA PSK (Pre-Shared Key) passwords enables outside users to capture access credentials easily.
The discovery of the attack was accidental – the Hashcat developers came across the new attack while testing the security of the upcoming WPA3 authentication method for wireless networks.
The new technique captures the Pairwise Master Key Identifier (PMKID) and as explained by the developers that devised it, it works against 802.11i/p/q/r networks with roaming functions enabled. This means that most modern routers are potentially at risk.
What is the difference between the new attack and previous WPA/WPA2 cracks?
According to Hashcat developer Jen “Atom” Steube, the most significant difference between older attacks and the newly discovered method is that an attacker no longer needs another user to be on the targeted network to capture credentials. The only thing needed is the initiation of the authentication process.
The researcher also added that earlier WPA/WPA2 attacks were more challenging to carry out, because “in the past the attacker had to record the WPA four-way handshake to launch an offline attack”. This may sound easy but in fact this type of attack can create a lot of trouble from a technical perspective.
The new attack is much easier to pull off, because “if you receive the PMKID from the access point, you will be able to get into (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/attack-wpa-wpa2-modern-routers/