More than 70% of 5,000 Wi-Fi networks in the city of Tel Aviv, Israel, were hacked “relatively easily,” highlighting how insecure Wi-Fi passwords can become a gateway to serious threats to individuals, small businesses and factories alike.
CyberArk security researcher Ido Horowitz, who used $50 worth of Wi-Fi sniffing equipment to gather 5,000 network hashes for the study, said “The Wi-Fi sniffing process and subsequent cracking procedures were a very accessible task in terms of equipment, costs and execution.”
The new Wi-Fi attack builds on previous findings by Jens “atom” Steube in 2018, which involve capturing so-called PMKIDs associated with the client (also known as SSID) in order to attempt a brute-force attack using a password recovery tool like hashcat.
PMKID is a unique key identifier used by the access point (AP) to keep track of the pre-shared key, i.e. the pairwise master key or PMK, used for the client. PMKID is a derivative of the AP's MAC address, the client's MAC address, the PMK and the PMK name.
“Atom’s technique is client-free, making the need to capture the user’s login in real time and the need for users to connect to the network in general obsolete,” Horowitz said in the report. “Incorrect and incorrect frameworks that interfere with the cracking process.”
Subsequently, the collected hashes were subjected to a “mask attack” to determine whether cell phone numbers were used as Wi-Fi passwords, a common practice in Israel, which exposed 2,200 passwords. In a subsequent dictionary attack using “RockYou.txt” as a source of passwords, the researcher was able to crack 900 more hashes, with the number of passwords hacked decreasing as the password length increased.
A successful Wi-Fi network compromise could allow a threat actor to launch man-in-the-middle (MiTM) attacks to gain access to sensitive information, not to mention move laterally across the network to break into other critical systems connected to the same network.
“The lesson here? The longer the slogan, the better,” Horowitz said. “A strong password must contain at least one lowercase letter, one uppercase letter, one symbol, one digit. It must be at least 10 characters long.”
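The two weaknesses the study found (phone numbers and wordlist entries used as passphrases) and the guidance quoted above can be turned into a pre-deployment check. The following is an added example, not code from the article or from CyberArk; the function and constant names are hypothetical, the phone format ("05" followed by eight digits) is an assumption, and the four-entry wordlist is a constructed stand-in for a real list.

```python
import math
import re
import string

# Assumption: mobile numbers are typed as 10 digits starting with "05".
PHONE_MASK = re.compile(r"05\d{8}")
PHONE_MASK_CANDIDATES = 10 ** 8  # every value the mask above can take

# Constructed stand-in for a leaked-password wordlist such as RockYou.txt.
SAMPLE_WORDLIST = frozenset({"password", "iloveyou", "12345678", "princess1"})

# Character classes named in the quoted guidance.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 10


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST):
    """Return (findings, search_space_bits) for a proposed Wi-Fi passphrase."""
    findings = []
    used = [chars for chars in CLASSES.values()
            if any(c in chars for c in passphrase)]
    # Upper bound: treats the passphrase as random over the classes it uses.
    bits = len(passphrase) * math.log2(sum(len(c) for c in used)) if used else 0.0

    if PHONE_MASK.fullmatch(passphrase):
        findings.append("matches phone-number mask")
        bits = min(bits, math.log2(PHONE_MASK_CANDIDATES))
    if passphrase.lower() in wordlist:
        findings.append("present in wordlist")
        bits = min(bits, math.log2(len(wordlist)))
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            findings.append(f"no {name}")
    return findings, round(bits, 1)


if __name__ == "__main__":
    for candidate in ("0541234567", "iloveyou", "Blue-Kettle7!Orbit"):
        print(candidate, *audit_passphrase(candidate))
```

A ten-digit phone number passes the length rule yet collapses to about 26.6 bits once the mask is known, which is why the structural checks run alongside the length and character-class rules.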