Will WPA3 PSK really not be hackable

Cracking WiFi passwords made easy

Thanks to a further development of a tool that is well known among hackers and security researchers, it is possible to recover the WLAN password of a network if the network meets certain requirements and the password is weak. Disclosures of security problems in WPA2 have been piling up since last year. For more than ten years after the introduction of WPA2 there was no practical attack on the WLAN encryption itself, until the researcher Mathy Vanhoef stumbled upon a flaw in the four-way handshake more or less by accident. The attack method that resulted from it became known worldwide under the name "KRACK" in no time at all.

How the attack works

The new attack path, likewise discovered by chance, was posted in the hashcat developer forum (source in English) and has one advantage over KRACK: the attacker no longer depends on manipulating the connection between an access point and a client. The attacking computer talks to the access point directly, which is why this is called a "clientless" attack. The attacker only needs to record a single frame from the WLAN, the first message of the WPA2 handshake that the access point sends after an association request. In it the access point includes a value called the PMKID, which is derived from the network password and the MAC addresses of both parties. Because every piece of that calculation except the password is known, the captured value can be used to test password candidates, and if the password is not sufficiently long and complex it will be found. Once the frame has been captured, the actual cracking can take place "offline", without the attacker having to remain within range of the network.

Who is affected?

The attack potentially affects all WPA2-PSK networks (IEEE 802.11i) on which roaming functions such as 802.11r fast transition are enabled, which is the case on many current routers. These are typically home networks and the networks of smaller companies.
At the time of this writing, there is no complete list of affected devices or manufacturers.

What is the difficulty of the attack?

The tools for the attack (hcxdumptool, hcxtools and hashcat) are freely available on the Internet and are not particularly complicated to operate. The attacker also needs a WLAN adapter that supports monitor mode and packet injection, and such adapters can be obtained inexpensively. Combined with a computer with fast graphics cards, a weak WLAN password can be recovered in a relatively short time. Overall, the attack requires less effort and less knowledge than KRACK.

How to protect your network

Guessing a password becomes harder the longer it is, because every additional character multiplies the number of candidates that have to be tried. In a test by the hashcat developer an eight-digit password was recovered in less than a minute. A powerful computer with four high-end graphics cards was used. That is not an everyday configuration, but neither is it an immensely expensive supercomputer. It shows clearly that passwords that are too short no longer offer any real protection. The only effective protection at the moment is a longer WLAN password. A sufficiently strong password should have at least 20 characters. If that is the case, cracking the password becomes much harder for an attacker: it takes longer and consumes more computing power than most attackers are willing to invest. A long WLAN password makes the attack uneconomical for the attacker.

In addition, an attacker targeting a WLAN has to be in its vicinity at least once, for a short time. In this respect the attack is subject to similar restrictions as KRACK (see also our blog article "KRACK - how the WLAN should be secure again"). Depending on which WLAN router is used, you can also reduce its transmission power so that the WLAN cannot easily be reached from outside without special equipment such as directional antennas. The disadvantage is that the reception quality of the WLAN can suffer in some parts of the house or apartment. There are also a number of ways to protect your own data independently of the WLAN, from encrypted transmission of e-mails to the use of VPN software. Even if an attacker managed to break into the WLAN, they would not obtain any usable data if the data themselves are encrypted a second time, for example by TLS or a VPN tunnel.

You can find further tips and tricks for WLAN security in our advisory article "Set up WLAN securely".

The G DATA solutions warn if there is a security risk due to a WLAN password that is too short and therefore insecure.

Stefan Siekmann

G DATA quality assurance

WPA3 is supposed to make the WLAN secure again

Development does not stand still. Computing power keeps getting cheaper, so it is only a matter of time before long passwords no longer provide effective protection either. Password length is currently one of the last lines of defense against attacks on wireless networks. Unlike KRACK, a successfully guessed password gives full access to the WLAN, which allows far more damage; with KRACK the attacker has to be very selective and cannot siphon off large amounts of data.

The Wi-Fi Alliance, which specifies and certifies WPA, is aware of this, and a successor to the WPA2 protocol in use today has already been announced. According to current knowledge the protocol, called WPA3, is much more difficult to attack: its new handshake (Simultaneous Authentication of Equals) is designed so that captured frames cannot be used to test password guesses offline, which removes the basis of the attack described here. The introduction is expected shortly. However, it is not yet clear which devices will support the standard. It is likely that older wireless routers will not support WPA3 at all, while current devices should receive WPA3 support in the form of an update. WPA2 will therefore not disappear from the scene immediately and will be supported by most routers alongside WPA3 for some time to come. Nobody has to worry that the old tablet will suddenly stop talking to the new router. It will, however, take even longer until WPA3 has become widely established.