A researcher has claimed to have discovered a new technique for cracking the wireless password of routers using WPA/WPA2 WiFi security.
Jens Steube, the creator of the popular Hashcat password cracking tool, discovered this new technique and said it was found accidentally while looking for ways to crack the new WPA3 security standard.
“This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called ‘Simultaneous Authentication of Equals’ (SAE),” Jens Steube said in the post he published.
Previously, in order to crack WPA/WPA2 security, an attacker needed to wait for a user to log in to the network and capture the full handshake. In the new method, the attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame.
This technique will work on all 802.11i/p/q/r networks with roaming functions enabled.
How the WPA/WPA2 WiFi password cracking method works
Here the attacker tries to extract the Robust Security Network Information Element (RSN IE), which contains the PMKID (a key generated by the router to establish the connection between a user and the access point).
The Pairwise Master Key ID (PMKID) is then cracked to retrieve the Pre-Shared Key (PSK) of the wireless network.
“The PMKID is computed by using HMAC-SHA1 where the key is the PMK, and the data part is the concatenation of a fixed string label “PMK Name,” the access point’s MAC address and the station’s MAC address.”
“Since the PMK is the same as in a regular EAPOL 4-way handshake this is an ideal attacking vector. We receive all the data we need in the first EAPOL frame from the AP.”
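The derivation quoted above, worked through as an added example (not code from Steube's post or from Hashcat): the PMK is derived from the passphrase and SSID with the standard WPA2-PSK PBKDF2 step, the PMKID is HMAC-SHA1 over "PMK Name" plus the two MAC addresses, truncated to 128 bits, and a network owner can check whether a candidate passphrase reproduces a PMKID taken from their own AP's first EAPOL frame. The SSID, MAC addresses and passphrase are constructed sample values.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Standard WPA2-PSK step: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the expensive part; PBKDF2 is what makes each offline guess cost 4096 HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def mac_bytes(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or dashed form) into its 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return raw


def compute_pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> str:
    """PMKID = HMAC-SHA1(key=PMK, data="PMK Name" || AP MAC || STA MAC), first 128 bits, as hex.
    Nothing here depends on the client's credentials or on a completed 4-way handshake,
    which is why a single EAPOL frame from the AP is enough to obtain a crackable value."""
    data = b"PMK Name" + mac_bytes(ap_mac) + mac_bytes(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16].hex()


def pmkid_matches(pmkid_hex: str, ssid: str, ap_mac: str, sta_mac: str, passphrase: str) -> bool:
    """Does a candidate passphrase reproduce the PMKID observed for this SSID and MAC pair?
    Intended for auditing your own network: a match means the PSK is recoverable offline."""
    expected = compute_pmkid(derive_pmk(passphrase, ssid), ap_mac, sta_mac)
    return hmac.compare_digest(expected, pmkid_hex.lower())


# Constructed sample values; they do not belong to any real network.
SSID = "ExampleNet"
AP_MAC = "00:11:22:33:44:55"
STA_MAC = "66:77:88:99:aa:bb"
PASSPHRASE = "correct horse battery staple"

if __name__ == "__main__":
    pmkid = compute_pmkid(derive_pmk(PASSPHRASE, SSID), AP_MAC, STA_MAC)
    print("PMKID:", pmkid)
    print("candidate matches:", pmkid_matches(pmkid, SSID, AP_MAC, STA_MAC, PASSPHRASE))
```

Because the PMKID is bound to the AP and station MAC addresses, the same passphrase yields a different PMKID for every MAC pair, so a captured value is only useful against the network it came from; the practical defence remains a long random PSK, which makes the PBKDF2 step per guess prohibitively expensive.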
This new method makes it easier and faster to obtain the hash derived from the Pre-Shared Key (PSK), but the hash still needs to be cracked to recover the PSK, which can take a long time depending on the complexity of the password.
For more details you can visit the blog post published by Jens Steube here.