Social Icons

Thursday, August 9, 2018

Security alert: a new attack on WPA / WPA2 protocols would impact several Wifi devices



Who generate PKMID hashes ?
The team that publishes Hashcat - a password recovery tool - has discovered a new technique that could allow an attacker to obtain the password of some 802.11 networks with greater ease compared to existing methods.

She discovered the scheme by accident while exploring ways to put the WPA3 protocol to bad. The new method, which according to Hashcat developers, would be less effective against WPA3 works on WPA and WPA2 networks with roaming functionality. "For the moment, we do not know for which providers or for how many routers this technique will work, but we think that it allows to attack all 802.11i / p / q / r networks with functions of roaming, "they add. In a recently published blog post, an intrusion tester lists the AWUS036H Wifi card and the Linksys E4200 router among the affected devices. Roughly speaking, all routers and access points on the market from 2011 would be affected.

The new technique is based on extracting the Pairwise Master Key Identifier (PKMID) from an EAPoL frame. This key is needed to establish the connection between a user and an access point. It can be retrieved using a packet capture tool and then brute force decoded to retrieve the PSK key. "We receive all the necessary data within the first EAPoL frame from the access point," specify the heads behind hashcat. In other words, it is sufficient for the attacker to initiate the authentication procedure on the router or the access point to come into possession of this hash. According to the developers of the open source recovery tool, all operations require about ten minutes depending on the noise on the WiFi channel.

Compared to the existing, the method has the merit of relying only on the details provided by the router. Moreover, the tools currently available impose in addition to watching for a possible communication between the access point and a client station, which, from the point of view of the attacker, is less practical.



The success of this attack method depends on the complexity of the PSK key. In line with this observation, the main recommendation to users is to configure a strong password. Tools to achieve this goal abound online (Keepass, Keeper, LastPass, etc.) and the decryption time PKMID can be significantly extended.

Source : hashcat 

No comments:

Post a Comment

Category Of Mobile Courses

Actualités (644) Adsense (1) Affiliation (1) Algebraic Topology (2) Algorithmic (1) all-news (30) Android (5) Android App (8) Android app without code (4) Android Apps (205) Android Development (4) Android download (2) Android OS (3) AngularJS (1) Automata theory and formal language (5) C programming (5) Category and Functor (8) CMS (3) Computer Glossary (18) Create Mobile App With Ionic Framework (2) CSS (2) CSS-Cascading-Style-Sheets (4) Developpement Java (13) Differential Geometry (1) Django-Python-Framework (8) dropshiping (26) Earn Money by Internet (4) Emplois (23) Framework php (2) Fraud (2) HTML (7) Java For Beginners (10) Javascript (12) Kotlin Programming Language (8) Kotlin For Mobile Android (1) Linux Download (2) Marketing (5) Mobile (3) Mobile Courses (4) Mobile Marketing (4) MoneyGram (1) News (721) Node.js (5) Open Source (1) Photoshop (1) Protect Computer (1) Python (35) Python BeautifulSoup (1) Python For Data Science (2) Python-Books (6) Python-DVD-Training (1) Python-Exercises (185) Python-Framework (1) Python-IDE (1) Python-Modules (1) Python-pdf (2) Python-pyQt (1) Référencement (2) Script PHP (2) Security (6) SEO (1) Snipping Tool: Faq (1) Social Networks (1) Source Code (1) Statistics With SPSS (2) Surveillance Software (1) Travail à domicile (6) Tutoriels php en vidéos (2) Tutoriels-MySql (6) tutoriels-php (19) Utilitaires (1) VPS (1) Web Hosting (1) Webcam (1) Webmarketing (11) Western Union (1) Windows 10 (1) Windows 7 (4) Windows 7 Faq (2) Windows 8 (1) Windows Accessories (1) Windows Download (8) Windows Drivers (1) Windows Fonts (1) Windows Power Shell (2) Windows Registry (2) Windows Security (18) Windows Software (2) Windows Spyware (2) Windows utilities (3) Windows Virus (2) Windows Vista (3) Windows Wireless (1) Windows xp (1) Wordpress (1)
 

Sample text

Sample Text

 
Blogger Templates