are we secure from this new attack?

ahmadtat
Getting noticed

Hi,

I was reading and came across this article:

https://bgr.com/2018/08/08/wi-fi-password-hack-new-attack-breaks-wpa2-network-security/

Are Meraki access points immune to this kind of attack?

Thanks


cta102
Building a reputation

It's not really a new attack (though the press is hyping it as such).

It's a quicker way of getting the authentication handshake: rather than capturing the 4-way handshake, you just need to capture a single EAPOL packet.

However, it was never that hard to capture that handshake anyway, so if the attacker even halfway knew what they were doing.

As it is exploiting the actual protocol to make the capture of the data, any product using the protocols is exposed.

It still takes the same length of time to break the password, so the usual long password with non-dictionary passwords still applies (still about 8 days for a (sensibly chosen) 10-character password).

You of course could turn off the roaming, I suppose.

PhilipDAth
Kind of a big deal

That article is click bait.

 

Basically if you have 4 x GPUs you can break a 10 digit WPA pre-shared key in about 8 days now.

 

Ideally use WPA2-Enterprise mode, or if you have to use a PSK, try and make it at least 11 digits or more.

jdsilva
Kind of a big deal

For reference, the actual post made by the guy who stumbled on this new method is here:

https://hashcat.net/forum/thread-7717.html

That is sensational-headline free, and just the facts. But as everyone said above, grabbing a hash from a WPA(2) PSK SSID and brute-forcing it is nothing new.

Adam
Kind of a big deal

I agree with all the above feedback. This isn't really a new attack; it is just a quicker way of getting the pw hash vs. having to wait for someone to auth or to force it by sending de-auths. Either way, the hash still has to be cracked.

The Hashcat folks found this while researching ways to attack the upcoming WPA3 standard. There isn't much Meraki could do for this since it is an inherent flaw with WPA2. Moral of the story: if possible, use a long password so it cannot easily be cracked via rainbow tables etc.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
PhilipDAth
Kind of a big deal

>...is since it is an inherent flaw with WPA2.

 

I'm not sure I would agree with that bit. 🙂

 

If you are going to say allowing the exchange of a security hash is a flaw, then we are screwed.  Everything uses security hashes, PKI and certificates, NTLMv2, IPSec, etc.
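
Added example, not part of any reply in this thread: a sketch of what the "hash" discussed above is in WPA2-PSK, following the key derivation in IEEE 802.11i, and of why passphrase length is the variable the network owner controls. The MAC addresses, passphrases and guess rate are constructed sample values, and `days_to_exhaust` is a hypothetical helper, not a figure from the article or the replies.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA2-PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    """PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)."""
    aa = bytes.fromhex(ap_mac.replace(":", ""))
    spa = bytes.fromhex(sta_mac.replace(":", ""))
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


def days_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case days to try every passphrase of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second / 86400


if __name__ == "__main__":
    # Constructed sample values (documentation-style MACs, made-up SSIDs).
    ap, sta = "02:00:00:00:00:01", "02:00:00:00:00:02"

    # The SSID salts the PMK, so one passphrase gives unrelated keys on two SSIDs.
    pmk_a = wpa2_pmk("correct horse battery", "OfficeWiFi")
    pmk_b = wpa2_pmk("correct horse battery", "GuestWiFi")
    print("PMK differs per SSID:", pmk_a != pmk_b)

    # Everything in the PMKID except the passphrase is visible on the air, so the
    # passphrase is the only secret an offline guesser has to search for.
    print("PMKID:", pmkid(pmk_a, ap, sta).hex())

    # Assumed guess rate, for comparison only: each extra character multiplies
    # the search time by the alphabet size.
    rate = 1_000_000.0
    for length in (10, 11, 12, 16):
        days = days_to_exhaust(62, length, rate)
        print(f"{length} chars of [A-Za-z0-9]: {days:.3g} days at {rate:.0f} guesses/s")
```

Neither value depends on the access point vendor, which is why the replies point to passphrase length or WPA2-Enterprise rather than to a product setting.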
