White hat hackers have discovered an easy way to crack passwords from routers with WPA2 security.
When you’re using a Wi-Fi network these days, chances are you are counting on one of these protocols: WPA or WPA2. In short, your Wi-Fi signal is protected by the Wi-Fi Protected Access (WPA or WPA2) encryption standard. These wireless industry standards were designed to prevent potential hackers from intercepting the signal and reading your browsing data. Here’s the bad news: It was just reported that while investigating the new WP3 standard, a security researcher managed to break the encryption. So what’s the good news? At least now we know.
Specifically, the hack works on routers that have enabled roaming features with Pairwise Master Key Identifier (PMKID). First, the hacker requests the PMKID from the router, which they can save as a .pcapng file. Then, the hacker converts that .pcapng to a hash format compliant with password-recovery tool Hashcat. Finally, the hacker uses Hashcat to recover the password. Once they have it, they’re in. On the surface, it seems as easy as 1-2-3.
But while this new discovery alarms many, Avast security evangelist Luis Corrons wants to restore sanity. “This is a new approach to attack WPA2, however we shouldn’t panic,” he comments. “Let’s not forget that first, the attacker must be physically close to the router to be in the WiFi range. Furthermore, the attacker only obtains a hash. That means he or she has to try to guess the password using a brute force attack. If your Wi-Fi password is short, then you have a problem. But if you have the usual long password, it would take significantly longer to crack it. Those with a short Wi-Fi password should change it right now.”
To prevent your router from being hacked with this new attack, Avast recommends:
Change your password — As Luis states above, change your password right now. Even if you think it’s good and complex, take it to another level of complexity. You can either come up with an uncrackable password yourself, or better yet, take a load off and use the Avast Random Password Generator. You can control the character limit and which types of characters get included (upper case, lower case, numbers, and special characters). It also automatically rates your password based on strength. If you like it, try Avast Passwords which will manage all your passwords.
Update to WPA3 — Over the next five years, all connected wireless devices will be upgraded to WPA3, but you do not need to wait that long. The new security protocol will start rolling out in late 2018/early 2019, and you’ll have the option to update your WPA3-compliant devices yourself. As soon as it’s available, install and update.