In a bid to highlight how unsecure Wi-Fi passwords could be, cybersecurity researchers have hacked over 70% of Wi-Fi network from a sample of 5,000 with relative ease in the Israeli city of Tel Aviv.
This activity was conducted by CyberArk security researcher Ido Hoorvitch using a Wi-Fi sniffing tool costing $50 to collect 5,000 network hashes. The process of sniffing and cracking was a very accessible undertaking in terms of equipment, costs and execution.
This Wi-Fi attack is built on previous findings by Jens “atom” Steube in 2018 involving the capturing of what’s called the PMKIDs associated with a client (aka SSID) in order to attempt a brute-force attack using password recovery tools like hashcat.
PMKID is a unique key identifier used by the access point (AP) to keep track of the pre-shared key — i.e., pairwise master key aka PMK — being used for the client. PMKID is a derivative of AP’S MAC address, client’s MAC address, PMK and PMK Name.
“Atom’s technique is clientless, making the need to capture a user’s login in real time and the need for users to connect to the network at all obsolete,” Hoorvitch said in the report. “Furthermore, it only requires the attacker to capture a single frame and eliminate wrong passwords and malformed frames that are disturbing the cracking process.”
The collected hashes were then subjected to a “mask attack” to determine if cell phone numbers were used as Wi-Fi passwords, a practice common in Israel, uncovering 2,200 passwords in the process. In a subsequent dictionary attack using “RockYou.txt” as a password source, the researcher was able to crack an additional 900 hashes, with the number of breached passwords decreasing as the password length increased.
LEARN HOW TO CRACK A WIFI PASSWORD
Upon compromise of a Wi-Fi network, a hacker can mount a man-in-the-middle (MiTM) attack to gain access to sensitive information as well as pivot laterally across the network to breach other critical systems connected to the same network.
The longer the password, the better. A strong pass must have a complex combination and should be at least 10 characters long.