Skip to main content

Network routers with roaming enabled are likely susceptible to a new attack

Hashcat creator Jens Steube accidentally discovered a new method to break into network routers while researching new ways to attack the new WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed passwords based on the Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) security protocol.

For starters, WPA is a mechanism in wireless networking that encrypts and decrypts data passed between the router and a connected device. The PSK aspect applies to the network’s password or passphrase, as the router creates a unique 256-character key that is shared between both devices. These keys change periodically to prevent hackers from infiltrating the network.

Recommended Videos

In a typical attack, the hacker must be in the range of a router and a connecting wireless device, and patiently wait for the latter device to log onto the network. When the wireless device begins the connection process, the hacker must run a tool in the exact same moment to capture the full four-way “authentication handshake” made between the router and the device.

That’s not the case in the new attack. With this method, the hacker needs only a small portion of the handshake called the Robust Security Network Information Element (RSN IE). Even more, the hacker can connect directly to the router and access the needed data rather than lurk in the background and wait for someone to connect.

“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11 i/p/q/r networks with roaming functions enabled (most modern routers),” Steube says.

The login aspect of connecting a wireless device to a router consists of a set number of steps or frames. The RSN IE is an optional field within one of those steps that contains the Pairwise Master Key Identifier, a networking component that verifies that both the router and wireless device know the PSK-based password. This component is the new method’s attack vector, retrieving the stored PSK-based password.

According to Steube, the attack requires three available tools: Hcxdumptool v4.2.0 or higher, Hcxtools v4.2.0 or higher, and Hashcat v4.2.0 or higher. The first tool on the list grabs the necessary connection frame and dumps it into a file. The second tool converts the saved data into a format that can be read by Hashcat. This third tool cracks the encryption.

Ultimately, this method reduces the time used to access the stored passwords but doesn’t lessen the time needed to crack the encryption protecting these passwords. The cracking duration depends on the password complexity, thus if router owners never change the password from the factory default, the password should take no time to crack.

To better protect yourself from a possible attack, change the default password on your router. Using your own password is supposedly better than allowing the router to create one for you, and always use a variety of characters: Lower and upper-case letters, numbers, and symbols. If you’re not great at remembering passwords, Steube suggests using a password manager.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This Lenovo all-in-one computer is 30% off even though Prime Day has ended
The Lenovo V100 All-in-One Desktop Computer on a white background.

Even though Prime Day is already finished, there are still some excellent desktop computer deals on Amazon. If you don't have much space, or you just want to avoid clutter, you should take a look at the Lenovo V100 All-in-One PC. From its original price of $800, it's all the way down to just $560 following a 30% discount. The offer for this machine will only be available for a limited time though, so you need to act fast and proceed with the transaction immediately to secure the savings of $240.

Buy Now

Read more
The new Reachy Mini robot can let kids turn play into innovation
The Reachy Mini robot.

The Reachy Mini is an exciting new desktop robot aimed primarily at developers, educators, students, and enthusiasts, or basically anyone interested in creative coding.

There are actually two of them -- Reachy Mini Lite ($299) and Reachy Mini Wireless ($449) -- and both were developed by the prominent AI platform Hugging Face following its recent acquisition of Pollen Robotics. 

Read more
If you’re itching for an HP OMEN MAX gaming laptop, this deal will save you $500
The HP Omen Max gaming laptop with Valorant on the screen.

We've recently published a stunningly positive review of the HP OMEN Max 16. It's got a list of "Pros" a mile long. The single, obligatory con is "Thick and heavy." Considering that it's a gaming laptop, that's practically the equivalent of saying a flashlight is too bright to look at. Thick, and a bit heavy, just comes with the territory. All of this is to say that the review was great and we're fans of the HP OMEN Max 16. As a deal hunter it made me want to go and see if I could find a deal on the HP OMEN Max 16 and I did, sort of. Right now you can get a customizable HP OMEN Max 16t — a laptop that, if it didn't have a separate store page, I would think is identical to the one we reviewed — with a $500 discount, no matter what settings you choose. With the base settings of the laptop, that discount brings it from $2,100 to just $1,600, but you're free to upgrade to your heart's content. Tap the button below to start customizing to your whimsy or keep reading for some advice on how to do so and what to expect from the 16t.

Buy Now

Read more