U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Expert devised a new WiFi hack that works on WPA/WPA2

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of […]

Evil Twin Wi-Fi attack

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers.

Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers.

The attack technique works against WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled.

Steube discovered the attack while he was analyzing the WPA3 security standard.

The technique allows an attacker to recover the Pre-shared Key (PSK) login passwords and use them to hack into your Wi-Fi network and eavesdrop on the Internet traffic.

wifi hack

Unlike other WiFi hacking techniques, this attack doesn’t require the capture of a full 4-way authentication handshake of EAPOL.

Instead, the new WiFi hack is performed on the RSN IE (Robust Security Network Information Element) using a single EAPOL (Extensible Authentication Protocol over LAN) frame after requesting it from the access point.

“This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).”

“The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame”

The Robust Security Network protocol allows establishing secure communications over an 802.11 wireless network. It uses the PMKID key to establish a connection between a client and an access point.

Below the attack step by step:

Step 1 — Run hcxdumptool to request the PMKID from the Access Point and to dump the received frame to a file (in pcapng format).

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 –enable_status

Step 2 — Run hcxpcaptool tool to convert the captured data from pcapng format to a hash format that is accepted by Hashcat.

$ ./hcxpcaptool -z test.16800 test.pcapng

Step 3 — Launch the Hashcat (v4.2.0 or higher) password cracking tool and crack it. The hash-mode that we need to use is 16800.

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 ‘?l?l?l?l?l?lt!’

In this way it is possible to retrieve the password of the target WiFi networt.

“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).” 
Steube concludes.

“The main advantages of this attack are as follow:

  • No more regular users required – because the attacker directly communicates with the AP (aka “client-less” attack)
  • No more waiting for a complete 4-way handshake between the regular user and the AP
  • No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results)
  • No more eventual invalid passwords sent by the regular user
  • No more lost EAPOL frames when the regular user or the AP is too far away from the attacker
  • No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds)
  • No more special output format (pcap, hccapx, etc.) – final data will appear as regular hex encoded string”.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – WiFi hack, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]