Meraki

Community

are we secure from this new attack?

ahmadtat
Getting noticed
‎Aug 8 2018 8:20 PM
‎Aug 8 2018 8:20 PM

are we secure from this new attack?

Hi,

 

I was reading and came across this article.. 

https://bgr.com/2018/08/08/wi-fi-password-hack-new-attack-breaks-wpa2-network-security/

 

Are meraki access points immune to this kind of attack? 

 

Thanks

 

 

0 Kudos
5 Replies 5
cta102
Building a reputation
‎Aug 9 2018 2:19 AM
‎Aug 9 2018 2:19 AM

It's not really a new attack (though the press is hyping it as such.)

 

It's a quicker way of getting the authentication handshake, rather than capturing the 4 way handshake you just need to capture a single EAPOL packet.

 

However it was never that hard to capture that handshake anyway, so if the attacker even half way knew what they were doing.

 

As it is exploiting the actual protocol to make the capture of the data any product using the protocols is exposed.


It still takes the same length of time to break the password, so the usual long password with non dictionary passwords still applies (still about 8 days for a (sensibly chosen) 10 character password.


You of course could turn of the roaming I suppose

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 9 2018 2:55 AM
‎Aug 9 2018 2:55 AM

That article is click bait.

 

Basically if you have 4 x GPUs you can break a 10 digit WPA pre-shared key in about 8 days now.

 

Ideally use WPA2-Enterprise mode, or if you have to use a PSK, try and make it at least 11 digits or more.

In response to PhilipDAth
jdsilva
Kind of a big deal
‎Aug 9 2018 7:18 AM
‎Aug 9 2018 7:18 AM

For reference, the actual post made by the guy who stumbled on this new method is here:

 

https://hashcat.net/forum/thread-7717.html

 

That is sensational headline free, and just the facts. But as everyone said above, grabbing a hash from a WPA(2) PSK SSID and brute forcing it is nothing new. 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
Adam
Kind of a big deal
‎Aug 9 2018 7:59 AM
‎Aug 9 2018 7:59 AM

I agree with all the above feedback.  This isn't really a new attack it is just a quicker way of getting the pw hash vs having to wait for someone to auth or to force it by sending de-auths.  Either way the hash still has to be cracked. 

 

The Hashcat folks found this while researching ways to attack the upcoming WPA3 standard.  There isn't much Meraki could do for this since it is an inherent flaw with WPA2.  Moral of the story.  If possible, use a long password so it cannot easily be cracked via rainbow tables etc.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
In response to Adam
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 9 2018 12:32 PM
‎Aug 9 2018 12:32 PM

>...is since it is an inherent flaw with WPA2.

 

I'm not sure I would agree with that bit. 🙂

 

If you are going to say allowing the exchange of a security hash is a flaw, then we are screwed.  Everything uses security hashes, PKI and certificates, NTLMv2, IPSec, etc.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.