Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

10/10 hope zoomers these days get to have half the fun we did.

Moron, it even says in OP's quote that WPA2 is insecure.

Afaik the aircrack toolset lets you record wifi packets and the more packets (or login handshakes?) you record, the easier it is to bruteforce the password.
There's also tools to disconnect people's wifi but that can raise suspicions.

The solution is to legalize running open wifis for everyone, and to install OpenWRT on your router and set up rate limiting so you get l33t ping times while your neighbor hacks the planet.

If you really gave a shit, you'd install something really obscure both on your router and on your phone.
However at this point everyone just tends to use a cable and a laptop or desktop PC.

So that I can access your NAS and look at your dickpics, faggot.

And portscan everything to infect your toaster.

That would be nice, way more efficient than if you torrent them.

Did they even fix that stupid thing where the keys are always the same for everyone and based on the SSID?

Didn't see that mentioned. I thought the attack of setting up a wpa2 ap with the same ssid as the wpa3 one, then watching wpa3 clients downgrade and negotiate against it with a more vulnerable handshake was most amusing.

To everyone in this thread, here's what happened.
WPA3 was going to be really, really good. It would be a major shakeup in the way we think of Wi-Fi security. You could have a public access point that is encrypted, providing at least some level of protection on those networks. You could easily add headless IoT devices to a WPA3 network. The encryption was going to get stronger.
Everything was good.

Then (((someone))) decided to fuck it all up. When they actually released this thing, they completely destroyed its true potential. The encrypted public networks, now dubbed Enhanced Open, were no longer part of WPA3. Neither was the IoT security, now dubbed EasyConnect. This means that WPA3-compliant products don't have to support those features. You're at the mercy of the vendor to support these extra standards.
Possibly even worse though, they stripped the improved cryptographic strength. Now it's only available in WPA3-Enterprise. It doesn't exist in WPA3-Personal.
Now the whole thing is being held up by the foundation of this secure key establishment protocol, now referred to as the Dragonfly handshake. Something that was clearly not tested properly.
It's almost like WEP all over again. WEP was supposed to be "Wired-Equivalent Privacy", but there was no public review or even any kind of audit, so it was a massive failure. Looks like nobody learned their lesson, and here we are.

Attached: wifi_alliance.png (640x426, 46.28K)

I hadn't been following (((WPA3))) development, but I recognized the all too familiar pattern as soon as I saw that article. Thanks for the background.


Yeah well some of us don't own our own router and internet service, I have to steal my neighbour's wifi to get online.

You don't even need handshakes anymore for plenty of routers, WPA2 personal is fucking fucked.
ZerBea released all the tools on github.

Attached: 1554842386091.jpg (720x960, 74.37K)


Doesn't surprise me a bit.

Legal disclaimer. Some of what I'm going to reference might be illegal and this is for educational purposes only. You are a big boy and pull your own pants up so it's up to you to decide if you are going to follow applicable laws. If you have questions about the legality of some of the things mentioned look the shit up on Google. Some things that are legal in other parts of the world may not be legal where you live.

This does not surprise me at all. When I learned to audit wifi there were only a few types of attacks. But oh, let me count the ways.

WEP replay packets continuously until you have 5000 and reconstruct shit for password.

WPA send deauthentication frame to client and collect 4 way handshake. Run dictionary attack against handshake to recover password. For bonus KEKs build a rainbow table. A precomputed table will continue to work against the same AP after the password has changed. You just need to collect a new handshake. Mitigation: change the ESSID (that's the name of your wifi for newfags) because WPA/WPA2 uses that as a salt.

PMK rainbow tables. I think the last time I did this was with GenPMK or Cowpatty or some shit like that.

WPS PIN search. This is really easy to do and it doesn't take long because once you get half of the PIN it will tell you half of it is right and you just crack the other half which is only like 10,000 possibilities. Mitigation: don't use WPS.

WPS Pixie dust attack. Because some routers use a pseudorandom number generator that isn't very random this attack just sends a single WPS PIN attempt then uses the reply to calculate the WPS PIN. Mitigation: Get a router that isn't a piece of shit.

PMKID attack against WPA/WPA2. Easy mode. Requires tools that don't like to run on Ubuntu or Kali Linux. I've only seen this work in a video but there are tutorials for it. Requires a certain build of hashcat and some other shit. I had compatibility issues when I was trying this.

KRACK Key Reinstallation Attack on WPA/WPA2

How to get free wifi at coffee shop where you only get a 3600 second IP lease and your IP is then banned.

ifconfig wlan0 down && macchanger -r wlan0 && ifconfig wlan0 up

Then just login again.

I'm sure by now there are some new attacks that I don't know about. So this vulnerability in WPA3 does not surprise me.

How to mitigate wifi attacks.

Choose a long password with extended characters like $%^&* in it. More than 10 characters and not something that is in a standard dictionary or is a common chemical name or an encyclopedia entry. Don't use something like your street name, your mother's maiden name, your first pet or other facebook tier security bullshit like that.

Change your password and your ESSID often. Don't use the stock ESSID like NETGEAR01 because chances are there are precomputed rainbow tables for factory ESSIDs for every fucking router you can think of.

Pro tip. Some routers can run on channel 13. Most clients won't scan for it. If you run on channel 13 most people don't even know your router is there unless they are scanning for it. This might not be legal in your jurisdiction. Check local laws before doing shit.
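The "ESSID is used as a salt" point in the post above is the standard WPA/WPA2-Personal key derivation from IEEE 802.11i: the 256-bit PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations. The following is an added defender-side illustration (not code from the thread or from any tool it mentions) showing why a precomputed passphrase-to-PMK table built for one SSID is useless against the same passphrase under a different SSID. The SSIDs and passphrase values are constructed for the demo; the `wpa2_psk_pmk` and `precomputed_table_still_valid` function names are this example's own.

```python
import hashlib


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal Pairwise Master Key.

    IEEE 802.11i: PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits).
    The SSID is the salt, so the same passphrase yields a different PMK per network name.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def precomputed_table_still_valid(table_ssid: str, new_ssid: str, passphrase: str) -> bool:
    """A WPA-PSK 'rainbow table' maps passphrase -> PMK for ONE SSID.

    Returns True only if an entry computed for table_ssid would still match the PMK
    of a network now named new_ssid, i.e. only when the SSID did not change.
    """
    return wpa2_psk_pmk(passphrase, table_ssid) == wpa2_psk_pmk(passphrase, new_ssid)


if __name__ == "__main__":
    # Constructed sample values for the demo.
    passphrase = "correct horse battery staple"
    factory_ssid = "NETGEAR01"       # default name: tables for it are cheap to prebuild
    renamed_ssid = "attic-lan-7f3a"  # unique name: every table must be rebuilt from scratch

    print("PMK under factory SSID :", wpa2_psk_pmk(passphrase, factory_ssid).hex())
    print("PMK under renamed SSID :", wpa2_psk_pmk(passphrase, renamed_ssid).hex())
    print("table for NETGEAR01 still useful after rename?",
          precomputed_table_still_valid(factory_ssid, renamed_ssid, passphrase))
```

Two PMKs for the same passphrase differ entirely once the SSID changes, which is the whole reason renaming a router away from its factory ESSID is worth the trouble: an attacker's table keyed on "NETGEAR01" buys nothing against "attic-lan-7f3a". Note that the derivation itself is not secret and is run by every supplicant on every connect; the only defence it offers is the 4096-iteration cost multiplied across the passphrase space, so a long, non-dictionary passphrase remains the other half of the mitigation.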


Or just set your router not to broadcast its ssid and use whatever security

This is why I stick with ethernet cables and did not install any wireless connections.

What's the alternative? 99% of WPA2 instances which exist in the wild are vulnerable to KRACK (because either too old to have even received patches, or nobody bothered with patching anyway), and within a few years it might go the WEP way (i.e. become trivial to bypass so as to become dysfunctional as what it was designed to be).

everyone just has to set up their own radius server and turn on wpa enterprise. everything else is designed to be easily cracked.


This isn't going to work. Try again.

Oof, the racism in this thread!

These are our enemies. Why are we supporting them?

Kike mods are trying to get TOR banned. Don't let them get away with it!

Schizophrenia is one hell of a drug.

The ssid is revealed as soon as you connect.

i doubt it. https is the default on every web page now. gone are the wild west days of passively sniffing your neighbors' wifi traffic and harvesting credentials.

krack is shit. it requires you to be really close to the AP since it uses 2 adapters and clones the AP on one while connecting with the other. Not likely to work unless you could stand outside your neighbor's window holding a laptop in broad daylight without anyone noticing.


Attached: Terry_where_it_all_went_wrong.webm (1280x720, 1.39M)

You know that SSL can be decrypted fairly easily. Just replace the public cert of the webpage and the client with your own cert and you will act like the client to the webpage and the webpage for the client because you replaced the certs.

Is it even possible at all to have 100% secure wireless?
Since you always start with no encryption (unlike for example, TLS, where you usually already have your (((CA))) keys that came with your OS which was either downloaded through another TLS-encrypted connection or came installed in your computer) it's always possible for a bad actor to impersonate the real router the first time a client tries to connect.

Nevermind, I'm retarded, I forgot a password was involved, even with a MITM from the start little information could be gained. Sorry to the other 2 maybe 3 users in Zig Forums who actually understand how these things work :^).

This would show up as an invalid cert on their machine, this is why your OS downloads the root CA certs from time to time.

The person at the other end would have to be a retard and make an exception to an invalid cert being used. Most web browsers light up like a Christmas tree when this happens and IIRC may not even let you make exceptions any more.

Attached: YuiShocked.png (538x558, 212.82K)