Security News > 2021 > October > War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
War-driving - the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit - can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv community - all at once.
After gathering what he felt was a decent sample size of 5,000 SSIDs and password hashes, it was then time to get crackin' - literally.
"Our first step in the cracking procedure is to install Hashcat, the world's fastest and most advanced password-recovery tool," he said, which includes several password-cracking methods like mask and dictionary attacks.
While the obvious moral of the story is that most people use dumb passwords, the other part of the narrative is the fact that Hoorvitch used a relatively new sniffing technique that only works with routers that support roaming features.
Otherwise, previous sniffing techniques required an attacker to be able to intercept the four-way handshake that happens when someone connects an AP - which prevents any cracking at scale.
Exploitation stakes can be high when it comes to routers: Hoorvitch pointed out that breaking into a residential network allows attackers to pivot to any of the devices connected to it to steal information or drop malware; and with people working from home since the pandemic, this could also have big consequences for business data protection.
News URL
https://threatpost.com/war-driving-wi-fi-password-cracking/175817/