Will WPA3 PSK really not be hackable
Cracking WiFi passwords made easy
With the further development of a well-known tool for hackers and security researchers, it is possible to calculate the WLAN password of a network if it meets certain requirements. The revelations of security issues in WPA2 have been increasing since last year. There were no successful attacks on the encryption of the WLAN for ten years after the introduction of WPA2, until the scientist Mathy Vanhoef accidentally stumbled upon a vulnerability. The attack method that resulted from this achieved worldwide fame under the name "KRACK" in no time at all.
How the attack works
The attack path, now also discovered by chance, was posted in the hashcat developer forum (source in English) and has an advantage over KRACK: an attacker is no longer dependent on manipulating the connection between an access point and a client. The attacking computer can interact directly with the access point. For this reason, this is referred to as a “clientless” attack. The attacker has to record a few data packets from the WLAN and can use them to calculate the password if it is not sufficiently long and complex. As soon as the data packets have been intercepted, the actual cracking of the password can also happen "offline" without the attacker being in the vicinity.
Who is affected?
The attack potentially affects all wireless networks from the 802.11i standard that are secured with WPA2-PSK and have so-called "roaming" activated. These are usually networks that are used in the private sector as well as in smaller companies.
At the time of this writing, there is no complete list of affected devices or manufacturers.
What is the difficulty of the attack?
The tools for the attack (hcxdumptool, hcxtools and hashcat) are freely available on the Internet and their operation is not particularly complicated. An attacker also needs a special WLAN adapter that can be obtained inexpensively. In connection with a powerful computer, it is possible to calculate the WLAN password in a relatively short time. Overall, the attack can be carried out with less effort and less knowledge than with KRACK.
How to protect your network
Calculating a password becomes more difficult the longer it is. An eight-digit password was calculated in less than a minute in a test by the hashcat developer. A powerful computer with four high-end graphics cards was used. This is not an everyday configuration, but neither is it an immensely expensive supercomputer. Here it becomes clear that passwords that are too short no longer offer any real protection. The only effective protection at the moment is the use of a longer WLAN password. A sufficiently strong password should contain at least 20 characters. If this is guaranteed, it is much more difficult for an attacker to crack a WLAN password. It takes longer and uses more processing power than most. Setting a long WLAN password makes the attack uneconomical for the attacker.
In addition, an attacker aiming for a WLAN has to be in the vicinity for a short time at least once. In this respect, the attack is subject to similar restrictions as KRACK (see also our blog article "KRACK - how the WLAN should be secure again"). Depending on which WLAN router is used, you can also limit its transmission range so that it is not easily possible to compromise the WLAN without special accessories. The disadvantage, however, is that the reception quality of the WLAN can be impaired in certain areas of the house / apartment. To ensure additional security for your own data, there are a number of options - from encrypted transmission of e-mails to the use of VPN software. Even if an attacker were to manage to compromise the WLAN, they would not be able to steal any usable data if they were encrypted again themselves.
You can find further tips and tricks for WLAN security in our advisory article "Set up WLAN securely".
The G DATA solutions warn if there is a security risk due to a WLAN password that is too short and therefore insecure.
G DATA quality assurance
WPA3 is supposed to make the WLAN secure again
The development is progressing. Computing power is becoming more and more affordable. It is therefore only a matter of time before long passwords no longer provide effective protection. Password length is currently one of the last lines of defense against attacks on wireless networks. In contrast to KRACK, full access to the WLAN is possible if the password is successfully guessed. You can do a lot more damage. On the other hand, you have to be very selective at KRACK and cannot divert large amounts of data. The IEEE consortium is aware of this fact and a successor to the currently used WPA2 protocol has already been launched. According to current knowledge, the protocol called WPA3 is much more difficult to attack. The introduction should take place shortly. However, it is not yet clear which devices will support the standard. It is likely that older wireless routers will no longer support WPA3. Current devices should, however, receive support for WPA3 in the form of an update. WPA2 will therefore not immediately disappear from the scene and will be supported by most routers together with WPA3 for some time to come. Nobody has to worry that the old tablet will suddenly stop talking to the new router. However, it will take even longer until WPA3 has become widely accepted.
- What is the police check for the passport
- What is a single core wire
- Is nikebn com a scam website
- What is the least comfortable fabric to wear
- What are some great South Gothic novels
- What do keralites usually eat
- What is the atmosphere of Phobos
- How do I register with Ripple
- What is most fascinating about diamonds
- Should adult adults still ride BMX bikes
- What are interference fringes caused by
- Is Gonzaga University Online being taken seriously
- Lies are innocent
- What does adulthood mean to you
- Where is the southernmost mosque
- How do circlips help industrial machines
- Is math necessary in medicine
- What are the subcategories of rock music
- What are airplane windows made of
- Who are Palantir's commercial customers
- What do leftists call African Americans
- Why is LPG stored in spherical tanks
- How do you define errors
- Bill Gates works to eradicate malaria
- Can we ban government shutdowns?
- What technology does Google use
- What sentence doctors hate to hear
- A Christian wedding is a haram gathering
- Can hemp oil be used for dogs
- I Rahul Gandhi tough competition for modes
- Which bachelor's degree will be helpful
- Car battery warranties are transferable
- Why Steve Jobs wanted to write his biography
- What is stolen