Results 1 to 7 of 7

Thread: Researcher looking at WPA3 discovers new WPA2 attack

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    Researcher looking at WPA3 discovers new WPA2 attack

    Says that "most modern routers" will be vulnerable to the security flaw.
    Read more.

  2. #2
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    The source and discussion is here: (Also linked to in the above article)

    https://hashcat.net/forum/thread-7717.html

    Which indicates to consumer grade devices may not be affected - although the latest Fritz Box OS update may introduce this vulnerability.

    Be interested to see if the Draytek series are affected - no doubt there will be a security update in due course.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    How long to crack it? How many GPUs? Well I suppose we've found a use for all the old mining stock.

    Last time I tried to break WPA2 (I gave it the handshake to make life easier for it), the hackintosh nearly had a stroke.

    Yes, I set up a network so I could try and hack it whilst slightly drunk. I'm a sad, sad person.

  4. Received thanks from:

    afiretruck (08-08-2018),DanceswithUnix (09-08-2018)

  5. #4
    Senior Member
    Join Date
    Aug 2013
    Location
    North Wales
    Posts
    1,849
    Thanks
    165
    Thanked
    271 times in 202 posts
    • virtuo's system
      • Motherboard:
      • Gigabyte Aorus Master X570
      • CPU:
      • Ryzen 9 5950x
      • Memory:
      • 64Gb G.Skill TridentZ Neo 3600 CL16
      • Storage:
      • Sabrent 2TB PCIE4 NVME + NAS upon NAS upon NAS
      • Graphics card(s):
      • RTX 3090 FE
      • PSU:
      • Corsair HX850 80+ Platinum
      • Case:
      • Fractal Meshify 2 Grey
      • Operating System:
      • RedStar 3, Ubuntu, Win 10
      • Monitor(s):
      • Samsung CRG90 5140x1440 120hz
      • Internet:
      • PlusNet's best, but still poor, attempt

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    Quote Originally Posted by philehidiot View Post
    Yes, I set up a network so I could try and hack it whilst slightly drunk. I'm a sad, sad person.
    Worse when you do it sober

    ... hm

  6. #5
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    1,278
    Thanks
    568
    Thanked
    94 times in 83 posts
    • Iota's system
      • Motherboard:
      • Asus Maximus Hero XI
      • CPU:
      • Intel Core i9 9900KF
      • Memory:
      • CMD32GX4M2C3200C16
      • Storage:
      • 1 x 250GB / 1 x 1TB / 1 x 2TB Samsung 970 Evo Plus NVMe
      • Graphics card(s):
      • Nvidia RTX 3090 Founders Edition
      • PSU:
      • Corsair HX1200i
      • Case:
      • Corsair Obsidian 500D
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • Samsung Odyssey G9
      • Internet:
      • 40Mbps SKY Fibre

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    Quote Originally Posted by philehidiot View Post
    Yes, I set up a network so I could try and hack it whilst slightly drunk. I'm a sad, sad person.
    Not really, I once took issue with neighbours wi-fi networks broadcasting across the range for the best channel for my own network. It's the only time I've ever used a linux distro, in efforts to gain access to their routers to put them on a fixed channel not close to mine. TL;DR Takes a long time depending on hardware in use, gave up with my ancient laptop.

    It is best not to use the "obvious pattern" following manufacturer generated PSK, Steube advised users; rather make up your own with complex arrangements of letters and symbols. "A typical manufacturers PSK of length 10 takes 8 days to crack (on a 4 GPU box)," explained Steube.
    Pretty obvious advice, as is turning off roaming and automatically connecting to networks on your devices (especially if hiding your SSID).

  7. #6
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    Quote Originally Posted by Iota View Post
    Not really, I once took issue with neighbours wi-fi networks broadcasting across the range for the best channel for my own network. It's the only time I've ever used a linux distro, in efforts to gain access to their routers to put them on a fixed channel not close to mine. TL;DR Takes a long time depending on hardware in use, gave up with my ancient laptop.
    My finest moment in this domain was some years ago when a friend was having some script kiddie keep trying to hack him and kept bouncing off the firewall and annoying him with endless pop up messages alerting him to the attempts but furnishing him with the IP address, which he passed on to me.

    I can't quite remember what I did it was so long ago but it was essentially an improvised DOS attack. Very effective and he stopped his attempts to hack my friend after a couple of minutes. Things like that are useful to know how to do for situations like that (it was probably only a matter of time before the guy actually found an open port) as long as you're not a prat with it.
    Last edited by philehidiot; 09-08-2018 at 10:01 AM. Reason: Spelin and claritie

  8. Received thanks from:

    Iota (09-08-2018)

  9. #7
    Be wary of Scan Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    1,079
    Thanks
    40
    Thanked
    137 times in 107 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • 48GB Corsair DDR4 3000 Quad-channel
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 840 EVO; RAID-0 x2 WD Black; RAID-0 x2 Crucial MX500
      • Graphics card(s):
      • MSI GeForce GTX 1070 Ti
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Philips 40" 4K AMVA + 23.8" AOC 144Hz IPS
      • Internet:
      • Zen FTTC

    Re: Researcher looking at WPA3 discovers new WPA2 attack

    I seem to recall that the original WPA2 attack was effective against WPA2-EAP as well as PSK, albeit only against one user. Does anybody know if EAP is vulnerable to this hack, and I guess by extension, if all variants of EAP are effected?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •