Legacy WiFi just became a little less safe, according to Jens Steube, the developer of the password-cracking tool known as Hashcat. He has found a faster, easier way to crack some WPA/WPA2-protected WiFi networks.
Hackers have compromised the WPA/WPA2 encryption protocols in the past, but it’s an onerous, time-consuming process that requires a man-in-the-middle approach (absent an unpatched vulnerability, that is). It means waiting for a legitimate user to log into the secure network, and being physically poised to use an over-the-air tool to intercept the information that’s sent from the client to the WiFi router during the four-way handshake process that’s used for authentication.
That handshake verifies the Pairwise Master Key Identifier (PMKID), which is used by WPA/WPA2-secured routers to establish a connection between a user and an access point. Armed with this captured piece of information, a bad actor would then brute-force the password, using, say, Hashcat (or another automated cracking tool). The entire process could take hours, depending on how long the brute-forcing takes, how noisy the WiFi network is and so on.
The new strategy allows an attacker to instead lift the PMKID directly from the router, without waiting for a user to log in and without needing to gain visibility into the four-way handshake.
WPA/WPA2 WiFi networks use Extensible Authentication Protocol (EAP) over LAN (EAPoL) to communicate with clients. It’s a network port authentication protocol which was developed to give a generic network sign-on to access WiFi network resources. Embedded within that is Robust Secure Network (RSN) protocol, which is designed for establishing secure communication channels over Wi-Fi. It uses a specialized RSN Information Element (RSN IE) to make that connection work.
It turns out that the PMKID — needed to log into a WPA/WPA2-secured network — is carried in the RSN IE broadcast in EAPOL traffic. That means that the router actually provides it as part of its beaconing, so an unauthenticated attacker can access it by merely attempting to connect to the network.
“The PMKID is computed by using HMAC-SHA1 where the key is the PMK and the data part is the concatenation of a fixed string label ‘PMK Name,’ the access point’s MAC address and the station’s MAC address,” Steube explained in a posting late last week on the attack.
“Since the PMK is the same as in a regular EAPOL four-way handshake, this is an ideal attacking vector. We receive all the data we need in the first EAPOL frame from the [WiFi access point],” he wrote.
Thus, an attacker can obtain the PMKID via a simple packet-capture tool (Steube used the hcxdumptool). Significantly, the average time it takes to accomplish one’s nefarious purpose is around 10 minutes, Steube said. From there, attackers can begin the brute-forcing process.
Steube stumbled upon the technique while attempting to crack the WPA3 encryption protocol, which was released in January by the Wi-Fi Alliance. It incorporates modern best practices, like dynamic data encryption, and it allows users to be blocked after too many log-in attempts to help protect against brute-forcing thanks to a new key scheme.
“WPA3 will be much harder to attack because of its modern key establishment protocol called Simultaneous Authentication of Equals (SAE),” Steube explained. SAE requires interaction with the infrastructure for each guessed password, and the infrastructure can place limits on the number of guesses submitted.
The new cracking technique works only against WPA and WPA2-secured routers running 802.11i/p/q/r protocols, and they must have PMKID-based roaming features enabled. Upgrading one’s routers is the best path to protection. However, older routers will live on for quite some time in both homes and businesses, so users should check for firmware updates from their router manufacturer. Also, the use of a strong password is also a smart mitigation.
“In light of these new techniques, people and organizations should upgrade their routers to WPA3 as soon as updates become available,” Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, told Threatpost. “Until then, I recommend using a VPN connection on top of WiFi for an additional layer of encryption [and checking for patches].”