An Israeli security researcher managed to crack the passwords of 3500 Wi-Fi networks by collecting hashes out in the wild and relying on one simple assumption: most passwords are weak.
Capturing full handshakes between a client and a Wi-Fi network is challenging and would not have yielded the kind of data the researcher required. Instead, he used a technique, developed a few years ago, that lets an attacker capture hashes out in the wild without a connecting client.
“The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required,” said the researcher who developed this technique.
“The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame. At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers),” he added.
Using this technique, the CyberArk researcher roamed the streets of Tel Aviv with Wi-Fi sniffing equipment. He gathered hashes from 5000 Wi-Fi networks and, using a cracking rig made up of eight QUADRO RTX 8000 48GB GPUs, managed to crack 70% of them.
Several cracking methods were used, the most common being dictionary and mask attacks. It did not help that many Israelis use their phone numbers as Wi-Fi passwords: more than 2200 credentials were cracked on the first try.
The dangers uncovered by this research are vast, ranging from the simple compromise of a Wi-Fi password to lateral movement inside a corporate network and the exposure of critical systems. As the researcher underlines, none of this would be possible if users followed a few simple rules:
· Choose a complex password. A strong password should include at least one lower case character, one upper case character, one symbol and one digit, and should be at least 10 characters long. It should be easy to remember but hard to anticipate. Bad example (it satisfies the character rules yet is easy to guess): Summer$021
· Change the default username and password of your router.
· Update your router firmware version.
· Disable weak encryption protocols (such as WEP or WPA1).
· Disable WPS.
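The first rule above is the one most people get wrong in exactly the way the research exploited: a password can satisfy every character-class rule and still be a season plus a year, or a phone number. The following checker is an added example written for this page (not code from the researcher or CyberArk); the word list, the substitution table and the "9 to 13 digits" phone heuristic are my own assumptions, chosen to catch the patterns the article describes.

```python
import re

# Words that dictionary attacks try first; the page's "Summer$021" is one of
# these plus a year. Small illustrative set (assumption, not the page's list).
PREDICTABLE_WORDS = {
    "spring", "summer", "autumn", "fall", "winter", "password", "welcome",
    "qwerty", "letmein", "admin", "wifi", "internet",
}

# Common symbol/digit substitutions, undone before the dictionary check.
LEET = str.maketrans({"$": "s", "@": "a", "!": "i", "0": "o",
                      "1": "i", "3": "e", "5": "s"})

# The four character classes the page's first rule asks for.
CLASSES = {
    "lower case": r"[a-z]", "upper case": r"[A-Z]",
    "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]",
}


def policy_findings(pw: str) -> list[str]:
    """Return the reasons pw fails the page's rules; an empty list means it passes."""
    findings = []
    if len(pw) < 10:
        findings.append("shorter than 10 characters")
    for name, pat in CLASSES.items():
        if not re.search(pat, pw):
            findings.append(f"no {name} character")

    # Phone-number shaped: nothing but digits and separators, 9-13 digits.
    digits = re.sub(r"\D", "", pw)
    if re.fullmatch(r"[\d\s()+.-]+", pw) and 9 <= len(digits) <= 13:
        findings.append("looks like a phone number")

    # Word followed by a 2-4 digit number, allowing leet substitutions in the
    # word part (Summer$021, W!nter2020). Composition rules alone miss these.
    m = re.fullmatch(r"([^0-9]+?)[^a-z0-9]*(\d{2,4})[^a-z0-9]*", pw.lower())
    if m:
        word = re.sub(r"[^a-z]", "", m.group(1).translate(LEET))
        if word in PREDICTABLE_WORDS:
            findings.append(f"dictionary word '{word}' followed by digits")
    return findings


if __name__ == "__main__":
    for candidate in ("Summer$021", "0521234567", "correct-Horse7battery!"):
        print(candidate, "->", policy_findings(candidate) or "OK")
```

Running it shows that Summer$021 passes all four character classes and the length rule and is rejected only by the pattern check, which is the gap the article's "bad example" is meant to illustrate.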