BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured wifi network. Before this method was discovered an attacker would have to wait for a user to authenticate, and then steal the 4-way handshake of the user. This new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the passwords still needs to be cracked by brute force or dictionary attack, so if you are using a secure password this is still a non-trivial process. It also only works on Pre-Shared Key (PSK), meaning using other authentication methods should be safe.

Top 5 Security links