The security of WPA2 is questionable

Protecting your home network is not always easy. By taking the necessary steps to secure computers with our guide , something might go wrong if the weakest link is a router. A strong password supported by WPA2 encryption has been an effective network security to date. Now analyzing the security features of the new WPA3 protocol, researchers have discovered a way to break Wi-Fi passwords supporting WPA / WPA2-PSK.

The new method was discovered accidentally thanks to the hashcat software, a popular password cracking tool. Working on breaking the WPA3 protocol, the experts obtained the PSK key for W-Fi, but not so far - by capturing the full 4-way handshake authentication process. Instead, a new attack on WPA2 does not require any authentication packets to be captured at all.

WPA2 security

The attack has several advantages over the old method. One of them is that it is an attack without a client, so "this bad between the victim and the access point" does not have to eavesdrop on frames of logged in users, in this he does not have to wait for a full 4-way handshake. In fact, with the new version of the hashcat for breaking the WPA2-PKS, the user does not have to be nearby, because the router and cracker are involved in the procedure.

Each router is prone to intercept data that is needed to break WPA / WPA2 security, but not on any router this technique will work. The list of router models that are vulnerable is not known but it is aggressively estimated that all 802.11i / p / q / rz networks with roaming enabled features may be at risk, including the latest top routers.

How to protect yourself? Wait for the WPA3 protocol, which is immune to the presented attack . To minimize the risk, use a very strong password, preferably generated by one of the popular password managers (we recommend KeePass or KeePassX). After all, how often do you enter your credentials into the network? Exactly. It is worth making the password very difficult to break.

More on the security of WPA2 we wrote about the vulnerability of KRACK here and here.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.