This expert shows how it was done in Israel, but weak Wi-Fi security exists worldwide and can be similarly hacked.

With the continued shift to remote working due to the pandemic, securing home networks has become imperative; a home network left unsecured poses a risk to the enterprise.

Home networks rarely have the same controls as enterprise networks. And a security program is only as strong as its weakest link.

In this blog, I demonstrate how easily, and with how little equipment (no cracking rig needed), insecure Wi-Fi passwords can be cracked, thereby compromising the wireless network.

How Wi-Fi cracking works

In simple English, to hack/crack a Wi-Fi password, an adversary needs to be in the right place (between users and a router) at the right time (when users log in) and be lucky (users entered the correct password and all intercepted data is sniffed correctly).

However, one easier way is to deploy a novice ‘mask attack’ technique and leverage a habit many people in some countries practise: using a cell phone number or weak alternative as a Wi-Fi password.

Many routers, from many of the world’s largest vendors, are susceptible to this attack, called Atom’s technique. There is no need to wait for any user to log in to the network to capture the log-in details. Just being in the vicinity of the router/network to get a ‘PMKID hash’ is enough.

To gather Wi-Fi PMKID hashes, a hacker uses a wireless network interface that supports monitor mode, which allows packet capture without associating with an access point. The hashes are collected with a utility such as hcxdumptool and then cracked with the password recovery tool hashcat.

If a Wi-Fi password is based on a mobile number active in the city, password cracking becomes much easier. Combined with a password-cracking dictionary such as rockyou.txt, an adversary can also quickly crack simple passwords such as “Summer$021”.

By strolling the streets of Tel Aviv with US$50 worth of Wi-Fi sniffing equipment, I was able to break the passwords of more than 70% of the sniffed Wi-Fi networks with relative ease. The Tel Aviv metropolitan area has more than 3.9m people: you can imagine what the numbers would have been had I not cut our research off at 5,000 Wi-Fi networks!

Protect your Wi-Fi!

  1. Choose a complex password: a strong password should include at least one lower-case character, one upper-case character, one symbol and one digit, and it should be at least 10 characters long. It should be easy to remember and hard to guess. Bad example: Summer$021
  2. Change the default username and password of your router
  3. Update your router firmware version
  4. Disable weak encryption protocols (such as WEP or WPA1)
  5. Disable WPS
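
As an added example (not code from the original post), the checker below applies the rules in point 1 and also flags the two passphrase shapes the post says fall quickly: phone-number-shaped passphrases, which a mask attack enumerates, and a dictionary word plus a short suffix such as Summer$021. The word set is a constructed stand-in for a wordlist like rockyou.txt, and the symbol set is an assumption.

```python
import re

# Constructed stand-in for a cracking wordlist such as rockyou.txt (assumption:
# a real check would load the full list from disk).
COMMON_WORDS = {"summer", "winter", "password", "welcome", "qwerty", "telaviv"}
# Assumed set of characters counted as "symbols".
SYMBOLS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")

def looks_like_phone_number(pw: str) -> bool:
    """Eight or more digits making up at least 80% of the string: the shape a
    mask attack on cell-phone numbers enumerates, a search space small enough
    that no cracking rig is needed."""
    digits = re.sub(r"\D", "", pw)
    return len(digits) >= 8 and len(digits) * 10 >= len(pw) * 8

def looks_like_word_plus_suffix(pw: str) -> bool:
    """Dictionary word followed by a short digit/symbol tail (e.g. Summer$021),
    which wordlist-plus-rules cracking covers even though it passes the
    composition rules."""
    m = re.fullmatch(r"([A-Za-z]{3,})([^A-Za-z]{1,5})", pw)
    return m is not None and m.group(1).lower() in COMMON_WORDS

def check_wifi_passphrase(pw: str) -> list:
    """Return the list of reasons a passphrase is weak; empty means it passes."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    if looks_like_phone_number(pw):
        problems.append("shaped like a phone number (mask attack target)")
    if looks_like_word_plus_suffix(pw):
        problems.append("dictionary word plus short suffix (wordlist + rules)")
    return problems

if __name__ == "__main__":
    # Constructed candidates: a phone-number-style passphrase, the post's bad
    # example, and one that passes every check.
    for candidate in ("0521234567", "Summer$021", "Tq7!vRm#p2Kx"):
        verdict = check_wifi_passphrase(candidate) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Note that Summer$021 satisfies every composition rule and is still flagged, which is why the post calls it a bad example.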

It is important to note that implementing multi-factor authentication (MFA) for personal Wi-Fi is difficult and largely impractical for non-technical consumer use. It is also unlikely that MFA will be widely available for general consumer use cases in the near future.