Skip to main content

Network routers with roaming enabled are likely susceptible to a new attack

Hashcat creator Jens Steube accidentally discovered a new method to break into network routers while researching new ways to attack the new WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed passwords based on the Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) security protocol.

For starters, WPA is a mechanism in wireless networking that encrypts and decrypts data passed between the router and a connected device. The PSK aspect applies to the network’s password or passphrase, as the router creates a unique 256-character key that is shared between both devices. These keys change periodically to prevent hackers from infiltrating the network.

In a typical attack, the hacker must be in the range of a router and a connecting wireless device, and patiently wait for the latter device to log onto the network. When the wireless device begins the connection process, the hacker must run a tool in the exact same moment to capture the full four-way “authentication handshake” made between the router and the device.

That’s not the case in the new attack. With this method, the hacker needs only a small portion of the handshake called the Robust Security Network Information Element (RSN IE). Even more, the hacker can connect directly to the router and access the needed data rather than lurk in the background and wait for someone to connect.

“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11 i/p/q/r networks with roaming functions enabled (most modern routers),” Steube says.

The login aspect of connecting a wireless device to a router consists of a set number of steps or frames. The RSN IE is an optional field within one of those steps that contains the Pairwise Master Key Identifier, a networking component that verifies that both the router and wireless device know the PSK-based password. This component is the new method’s attack vector, retrieving the stored PSK-based password.

According to Steube, the attack requires three available tools: Hcxdumptool v4.2.0 or higher, Hcxtools v4.2.0 or higher, and Hashcat v4.2.0 or higher. The first tool on the list grabs the necessary connection frame and dumps it into a file. The second tool converts the saved data into a format that can be read by Hashcat. This third tool cracks the encryption.

Ultimately, this method reduces the time used to access the stored passwords but doesn’t lessen the time needed to crack the encryption protecting these passwords. The cracking duration depends on the password complexity, thus if router owners never change the password from the factory default, the password should take no time to crack.

To better protect yourself from a possible attack, change the default password on your router. Using your own password is supposedly better than allowing the router to create one for you, and always use a variety of characters: Lower and upper-case letters, numbers, and symbols. If you’re not great at remembering passwords, Steube suggests using a password manager.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Apollo, a Reddit app featured during WWDC, is being shuttered
The Reddit app icon on an iOS Home screen.

On Thursday, the developer of the popular Apollo app for Mac, which is a third-party interface for Reddit, announced that the app would be closing. The app will remain live until June 30.

The developer announced the change in a Reddit post, saying "Eight years ago, I posted in the Apple subreddit about a Reddit app I was looking for beta testers for, and my life completely changed that day... Today's a much sadder post than that initial one eight years ago." The developer originally went to the social media platform to protest Reddit's changes to API pricing. After talks turned "ugly," they said Apollo would be closing.

Read more
The best Ethernet cables for 2023
An Ethernet port and plug.

You might have bought some Cat-5 Ethernet cables a few years ago, but as time passes, it’s probably time to think about upgrading them to a more modern, more capable option. Unfortunately, the number of Ethernet cable options has not become any less complicated over the years. But we're here to help with our definitive list of the best Ethernet cables.

Read more
HP 72 hour flash sale: Get this 17-inch laptop for just $330
A woman video chats with her friends on an HP Envy laptop.

One of the cheapest 17-inch laptop deals today comes courtesy of the HP 72-hour flash sale. Available right now, you can buy a HP 17-inch laptop for just $330 saving you $170 off the regular price of $500. While this isn't exactly a high-spec system, if you simply need a laptop with as large a screen as possible, it'll do the job. It's well-suited for taking to school with you or for basic work at home too. As mentioned, the HP sale is only for a limited time only so if it appeals, you may wish to hit the buy button sooner rather than later.

Why you should buy the HP 17-inch laptop
When on a budget, it's extra smart to buy from one of the best laptop brands so you get value for money. This HP 17-inch laptop has the essentials. There's an Intel N200 processor, 8GB of memory and 256GB of SSD storage. None of that is incredibly remarkable but at this price, you could end up seeing eMMC storage over SSD so that's a nice small advantage.

Read more