New WPA2 Attack Discovered by Accident. Here's What You Need to Know.
For years, we all thought that when it comes to the security of a wireless network, WPA2 is just about unbeatable. WPA2, as you may know, is the second incarnation of the Wi-Fi Protected Access (WPA) protocol, which was developed when the previous standard, WEP (or Wired Equivalent Privacy), was deemed insecure.
In October 2017, however, Mathy Vanhoef, a security researcher, demonstrated what has become widely known as the KRACK attack, which showed that, like basically everything related to computers, WPA2 isn't invincible. Security experts quickly pointed out that while viable, KRACK (short for Key Reinstallation Attack) isn't the simplest attack to pull off. Nevertheless, the news got blown out of proportion, and many people started explaining how we should all ditch Wi-Fi and start going everywhere armed with a few dozen feet of LAN cable.
We've yet to hear news of anyone actually causing damage through a KRACK attack in the wild, and it's safe to say that predictions of impending doom are unsubstantiated. Nevertheless, the discovery of the security hole did serve as a reminder that WPA2 is more than a decade old and is getting past its sell-by date.
That's why about a month ago, Wi-Fi Alliance® announced the introduction of WPA3 – a new protocol that is supposed to be much more secure. Needless to say, security experts started poking at it to see whether it really is good enough to protect millions of Wi-Fi networks from intruders. While examining it, the developers of the Hashcat password cracking tool accidentally discovered another attack on WPA2 that might be quite a bit easier to pull off than the one disclosed last year.
This one doesn't require recording the 4-way handshake between a device and the router. In fact, the researchers noted that they don't even need another person trying to connect to the network. They need only capture a single packet that contains something known as the Pairwise Master Key Identifier (or PMKID), save it in a format compatible with Hashcat, and let the cracking application do its business. Hashcat's creators noted that using four GPUs, they cracked the key in around ten minutes, though they also said that the required time could depend on the noise of the Wi-Fi signal.
They couldn't provide a list of affected routers, but they did say that 802.11i/p/q/r networks with the roaming function enabled are vulnerable, which, they said, covers most modern Wi-Fi configurations. Crucially, the attack won't work on WPA3, because in that protocol the key exchange mechanism is completely different.
Does that mean you should wait for the WPA3 standard to be widely adopted and avoid Wi-Fi until then? No, it doesn't. Experts point out that although different routers have different means of generating keys, the general rule is that the stronger the Wi-Fi password, the stronger the key and the more difficult it is to crack.
So, to protect your wireless network against this brand-new attack, you must do something that you should be doing anyway – ensuring that your Wi-Fi is secured with a strong, random, and reasonably long password.
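The reason the passphrase is what matters is that WPA2-Personal derives its Pairwise Master Key (PMK) from nothing but the passphrase and the network name: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output (IEEE 802.11i). Everything else the cracker needs, including the PMKID itself, is either captured over the air or derived from that PMK, so the cost of guessing is the cost of running that derivation once per candidate passphrase. The script below is an added example written for this article, not code from Hashcat or from the researchers. It reproduces the PMK derivation (checked against the test vector published in the 802.11i standard), generates a random passphrase the way a router owner should, and estimates how long exhaustive guessing would take; the guess rate it uses is an assumed figure for illustration, not a benchmark from the page.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal PMK derivation parameters from IEEE 802.11i.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PMK exactly as a WPA2-Personal station or AP computes it.

    The standard restricts the passphrase to 8-63 printable ASCII characters
    (codes 32-126); the SSID is used as the PBKDF2 salt.
    """
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN
    )


# Alphabet for generated passphrases (assumption: letters, digits and a handful
# of symbols that are easy to type into router and phone configuration screens).
ALPHABET = string.ascii_letters + string.digits + "-_.!#%&*+=?@"


def generate_passphrase(length: int = 24) -> str:
    """Generate a uniformly random WPA2 passphrase using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase length must be 8-63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


def expected_crack_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the passphrase by exhaustive guessing (half the space),
    given a rate of PBKDF2 derivations per second."""
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Test vector from IEEE 802.11i: passphrase "password", SSID "IEEE".
    print("PMK:", derive_pmk("password", "IEEE").hex())

    pw = generate_passphrase()
    bits = passphrase_entropy_bits(len(pw))
    # Assumed illustrative guess rate; real rates depend on the attacker's hardware.
    assumed_rate = 1_000_000
    print(f"passphrase: {pw}")
    print(f"entropy: {bits:.0f} bits, expected exhaustive search: "
          f"{expected_crack_years(bits, assumed_rate):.3g} years at {assumed_rate:,} guesses/s")
```

Run it and compare the first line against the standard's vector to confirm the derivation; then compare the estimate for the generated passphrase against the same estimate for an 8-character one (`passphrase_entropy_bits(8)`) to see why length is what moves a PMKID capture from "cracked in minutes" to "not worth trying".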