A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured wifi network. Before this method was discovered an attacker would have to wait for a user to authenticate, and then steal the 4-way handshake of the user. This new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the passwords still needs to be cracked by brute force or dictionary attack, so if you are using a secure password this is still a non-trivial process. It also only works on Pre-Shared Key (PSK), meaning using other authentication methods should be safe.

Top 5 Security links

Flaw in BIND Security Feature Allows DoS Attacks
Bypassing and exploiting Bucket Upload Policies and Signed URLs
Windows 10 Enterprise Getting “InPrivate Desktop” Sandboxed Execution Feature
Expect API Breaches to Accelerate
Let’s Encrypt Is Now Officially Trusted by All Major Root Programs

Photo by Misha Feshchak on Unsplash

A new method has been found to make cracking WPA/WPA2 easier

You might also like