Puck's Random Website

I proved you can't trust wifi security by hacking my neighbour's wifi

Yup, you read that right: I've just admitted something illegal (don't worry, this neighbour is a café and their wifi is supposed to be public anyway). And I did it just to make a point: do not trust your wifi's security, no matter how complicated your password is.

You see, wifi security is just incredibly easy to hack. And no wonder, because the security most commonly used to protect wifi networks is about two decades old.


Most wifi networks these days are protected with a technology called Wi-Fi Protected Access, or WPA for short, and more specifically version 2, known as WPA2. WPA2 was introduced in 2004 to replace WPA, which was introduced in 2002. WPA2 however provided little improvement over WPA, and both are relatively easy to crack. Below are a few of the weaknesses of wifi protection.

WPS
Probably the easiest way to get into a wifi network is WPS. This "feature" (personally I see it as a bug, but router manufacturers implement it deliberately because they see it as a feature) lets anyone connect to a wifi network without having to enter the password, so people can use complicated passwords that they don't need to remember. To connect a new device to the network, all you need to do is either press the WPS button on your router or enter a simple 8-digit PIN that is printed on the router. This PIN normally can't be changed by the user, and of course there are only 40,320 possibilities, which should take an average computer several minutes to crack. So needless to say, WPS is a welcome mat for hackers. You really should turn it off in your router's settings.
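The first thing to check on your own router is therefore what it actually advertises. The following is an added example (not code from the post or from any tool it mentions): it parses the text that `iw dev <iface> scan` prints on Linux and reports, per network, whether WPS is advertised, whether the network is open, WEP, WPA2-PSK or WPA3-SAE, and whether Protected Management Frames are required. The exact field names are assumed from `iw`'s output format, and `SAMPLE_SCAN` is a constructed sample, not a real scan.

```python
"""Audit what an access point advertises (added example, not from the post).
Parses the text output of `iw dev <iface> scan` on Linux and reports, per
network, the key-management scheme (open / WEP / WPA2-PSK / WPA3-SAE), whether
WPS is advertised and whether Protected Management Frames (PMF) are required.
SAMPLE_SCAN is a constructed sample in that format, not a real scan."""
import re

SAMPLE_SCAN = """\
BSS 02:00:00:00:01:00(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\t\t * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x000c)
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, Display, PBC
BSS 02:00:00:00:02:00(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: HomeNet-5G
\tRSN:\t * Version: 1
\t\t * Authentication suites: SAE
\t\t * Capabilities: 1-PTKSA-RC 1-GTKSA-RC MFP-required MFP-capable (0x00cc)
BSS 02:00:00:00:03:00(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: OldPrinter
BSS 02:00:00:00:04:00(on wlan0)
\tcapability: ESS ShortSlotTime (0x0401)
\tSSID: Cafe Free Wifi
"""

SECTIONS = ("RSN:", "WPA:", "WPS:")   # information-element blocks iw prints


def parse_scan(text):
    """Turn `iw ... scan` text into one dict per BSS (access point)."""
    networks, net, section = [], None, None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            net = {"bssid": m.group(1), "ssid": "", "privacy": False,
                   "rsn_akm": [], "wpa_akm": [], "pmf_required": False, "wps": False}
            networks.append(net)
            section = None
            continue
        if net is None:
            continue
        field = line.strip()
        if not line.startswith("\t\t"):
            # Top-level line: a plain field, or the first line of an IE block.
            section = next((s for s in SECTIONS if field.startswith(s)), None)
            if section is None:
                if field.startswith("SSID:"):
                    net["ssid"] = field[5:].strip()
                elif field.startswith("capability:"):
                    net["privacy"] = "Privacy" in field.split()   # Privacy bit => encryption
                continue
            if section == "WPS:":
                net["wps"] = True
            field = field[len(section):].strip()
        if section is None or not field.startswith("*"):
            continue
        key, _, value = field[1:].partition(":")
        key, value = key.strip(), value.strip()
        if key == "Authentication suites" and section != "WPS:":
            net["rsn_akm" if section == "RSN:" else "wpa_akm"].extend(value.split())
        elif key == "Capabilities" and section == "RSN:":
            net["pmf_required"] = "MFP-required" in value.split()
    return networks


def security_mode(net):
    """Infer the key-management scheme from the advertised elements."""
    if not net["privacy"]:
        return "open"
    if "SAE" in net["rsn_akm"]:
        return "WPA3-SAE"
    if "PSK" in net["rsn_akm"]:
        return "WPA2-PSK"
    if net["rsn_akm"] or net["wpa_akm"]:
        return "WPA/WPA2-other"          # e.g. 802.1X or legacy WPA-TKIP
    return "WEP"                         # Privacy bit set, no RSN/WPA element


def audit(text):
    """One finding per network, listing the settings worth changing."""
    findings = []
    for net in parse_scan(text):
        mode = security_mode(net)
        warnings = []
        if mode in ("open", "WEP"):
            warnings.append(f"{mode}: traffic is unprotected, move to WPA2 or WPA3")
        if net["wps"]:
            warnings.append("WPS advertised: disable it in the router settings")
        if mode != "open" and not net["pmf_required"]:
            warnings.append("PMF not required: deauthentication frames are unauthenticated")
        findings.append({"ssid": net["ssid"], "bssid": net["bssid"], "security": mode,
                         "wps": net["wps"], "pmf_required": net["pmf_required"],
                         "warnings": warnings})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f"{f['ssid']!r:18} {f['security']:14} WPS={f['wps']!s:5} "
              f"PMF={f['pmf_required']!s:5} {'; '.join(f['warnings'])}")
```

To run it against a real router, save the output of `sudo iw dev wlan0 scan` to a file and pass its contents to `audit()`. The WEP inference (Privacy bit set but no RSN or WPA element) is the usual one; a router that shows WPS as "Configured" is exactly the case the paragraph above warns about.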


Capture traffic
It's also possible to simply capture the traffic between a router and an authorised computer. The data is of course encrypted, but the encryption key is your wifi password, which is exactly what we want to grab. There's only one catch: we don't know what the wifi traffic contains, and so we don't know what the correct unencrypted data looks like. Except, of course, when we do: and that is the login data. This is where Fluxion comes in. Fluxion is a Linux tool that basically pretends to be your router, sends a signal to your computer to disconnect and then reconnect, and while your computer does that, it captures the login data between your computer and your actual router. Now we have data whose expected contents we know, so all we need to do is try all sorts of passwords until we find the one that correctly decrypts it.
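The "disconnect" signal in that description is a burst of deauthentication frames, which in WPA2 without Protected Management Frames are not authenticated, so a sensor in monitor mode next to the access point can see the burst and raise an alarm. Below is an added detection example (not code from the post, and not Fluxion's): it parses the standard 802.11 header from raw frames, keeps a sliding window of deauth/disassoc frames per transmitter address, and alerts once when a burst reaches a threshold. The `CAPTURE` fixture, the window of 5 seconds and the threshold of 10 frames are constructed assumptions.

```python
"""Detect deauthentication floods in captured 802.11 frames (added example, not
from the post). The header layout is the standard one: 2-byte frame control,
2-byte duration, three 6-byte addresses, 2-byte sequence control; deauth and
disassoc bodies start with a 2-byte reason code. CAPTURE is a constructed
fixture, not a real recording, and nothing here is transmitted."""
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # management-frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Return the fields a detector needs, or None if the frame is too short."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    hdr = {"type": (fc >> 2) & 0x3, "subtype": fc >> 4,
           "da": mac(frame[4:10]), "sa": mac(frame[10:16]), "bssid": mac(frame[16:22]),
           "reason": None}
    if hdr["type"] == 0 and hdr["subtype"] in (DEAUTH, DISASSOC) and len(frame) >= 26:
        hdr["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return hdr


def detect_deauth_floods(records, window=5.0, threshold=10):
    """records: (timestamp_seconds, raw_frame_bytes) pairs in time order.
    Alerts once per transmitter whose deauth/disassoc count within `window`
    seconds reaches `threshold`; re-arms when the count drops below it."""
    recent = defaultdict(deque)        # transmitter -> timestamps of recent deauths
    alerted, alerts = set(), []
    for ts, raw in records:
        hdr = parse_header(raw)
        if hdr is None or hdr["type"] != 0 or hdr["subtype"] not in (DEAUTH, DISASSOC):
            continue
        q = recent[hdr["sa"]]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps outside the window
            q.popleft()
        if len(q) < threshold:
            alerted.discard(hdr["sa"])
        elif hdr["sa"] not in alerted:
            alerted.add(hdr["sa"])
            alerts.append({"time": ts, "sa": hdr["sa"], "bssid": hdr["bssid"],
                           "count": len(q), "broadcast": hdr["da"] == BROADCAST,
                           "reason": hdr["reason"]})
    return alerts


# --- constructed fixture: hex-encoded frames ---------------------------------
AP, CLIENT, BCAST = "020000000100", "02000000aa01", "ffffffffffff"
FLOOD = "c0003a01" + BCAST + AP + AP + "0000" + "0700"    # deauth to all, reason 7
LEGIT = "c0003a01" + CLIENT + AP + AP + "0000" + "0300"   # deauth to one client, reason 3
BEACON = "80000000" + BCAST + AP + AP + "0000" + "00" * 8 + "6400" + "1104"
DATA = "08010000" + AP + CLIENT + "020000000200" + "0000" + "deadbeef"

CAPTURE = [(10.0 + i * 0.08, FLOOD) for i in range(25)]   # 25 broadcast deauths in 2 s
CAPTURE += [(11.0, BEACON), (12.5, DATA), (30.0, LEGIT)]
CAPTURE.sort(key=lambda r: r[0])
CAPTURE = [(ts, bytes.fromhex(h)) for ts, h in CAPTURE]

if __name__ == "__main__":
    for a in detect_deauth_floods(CAPTURE):
        print(f"t={a['time']:.2f}s deauth burst from {a['sa']} "
              f"({a['count']} frames, broadcast={a['broadcast']}, reason={a['reason']})")
```

Feed it timestamped raw frames from a monitor-mode capture (a pcap read with any pcap library gives exactly that). A burst of broadcast deauths that carries the access point's own address as sender is the pattern to watch for; the fixture's single deauth to one client at 30 s stays below the threshold and is not reported. The mitigation is Protected Management Frames (802.11w), which authenticates deauth and disassoc frames; WPA3 makes it mandatory.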


Hashcat
Hashcat is a programme that tries to decrypt the data we just captured, thus finding the wifi password. Success guaranteed, but you do need some patience. It can brute-force passwords, but that might take pretty long and is usually not really necessary. You can also just download a list of billions of passwords and let Hashcat use those. That should speed things up a bit.

So I downloaded a file of 3,262,137,638 passwords and let Hashcat run in the background on my laptop. That would take far too long, as it only manages 784 passwords per second.
Yeah, that's not going to give me the password any time soon, unless the password happens to be somewhere near the top of the file. Luckily, there is a way of running Hashcat on a significantly faster computer without actually owning a faster computer.



Google Colab
Google is so generous as to make its computers available for the public to use. Google Colab is an environment where people can freely test their self-written Python code. And in a Colab notebook you can easily pass commands to the shell by adding an exclamation mark at the start of the line. So yes, you can run any Linux command on Google Colab. You even have root access, so you can install new software, such as Hashcat.
So here's Hashcat running on Google Colab. This time it is brute force, which even on Google's computers might take some time, but you can of course speed that up significantly by using multiple Google accounts simultaneously. But if I were you, I would use a password file like the one mentioned above, on Google Colab. Remember that my own laptop could crack at a speed of 784 passwords per second? Compare that to 304,000 passwords per second on Google Colab (so 608,000 passwords per second if you use two Google accounts, 1,216,000 passwords per second if you use four Google accounts, etc.).
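The useful thing to do with those rates, from the defender's side, is to check what they mean for a password you choose yourself. The following added example (not code from the post) takes the post's own figures, 784 and 304,000 guesses per second and a 3,262,137,638-entry wordlist, and computes the worst-case time to run the wordlist or to exhaust a random passphrase of a given alphabet and length; it also generates such a passphrase with the `secrets` module. The alphabets, lengths and the four-account multiplier are assumptions for illustration.

```python
"""Size a WPA passphrase against the guess rates quoted in the post (added
example, not from the post). The rates and wordlist size are the post's own
figures; the alphabets and lengths are assumptions for illustration."""
import math
import secrets
import string

LAPTOP_RATE = 784                  # guesses/s, the post's laptop figure
COLAB_RATE = 304_000               # guesses/s, the post's Colab figure per account
WORDLIST_SIZE = 3_262_137_638      # entries in the post's password file

ALPHABETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}


def generate_passphrase(length=20, alphabet=ALPHABETS["alphanumeric"]):
    """Uniformly random passphrase; WPA-PSK passphrases are 8 to 63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8-63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(keyspace, rate):
    """Worst case: every candidate tried once at `rate` guesses per second."""
    return keyspace / rate


def human_duration(seconds):
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def attack_table(rates, policies):
    """Worst-case time for the wordlist and for exhaustive search of each policy at each rate."""
    rows = {}
    for label, rate in rates.items():
        row = {"wordlist": human_duration(seconds_to_exhaust(WORDLIST_SIZE, rate))}
        for name, length in policies:
            keyspace = len(ALPHABETS[name]) ** length
            row[f"{name}x{length}"] = human_duration(seconds_to_exhaust(keyspace, rate))
        rows[label] = row
    return rows


if __name__ == "__main__":
    rates = {"laptop": LAPTOP_RATE, "colab x1": COLAB_RATE, "colab x4": 4 * COLAB_RATE}
    policies = [("digits", 8), ("lowercase", 8), ("alphanumeric", 12), ("alphanumeric", 20)]
    for label, row in attack_table(rates, policies).items():
        print(f"{label:9}", "  ".join(f"{k}={v}" for k, v in row.items()))
    pw = generate_passphrase(20)
    print(f"example passphrase {pw!r}: {entropy_bits(62, 20):.0f} bits")
```

At the post's rates the full wordlist takes about 48 days on the laptop and about three hours on one Colab account. The table also shows the other side of the picture: an 8-character lowercase password falls in about two days at the four-account rate, while a random 12-character alphanumeric one takes tens of millions of years at that rate, so a wordlist only helps against a password that is in the list. The 8-to-63-character bound in `generate_passphrase` is the WPA-PSK passphrase limit.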



So is securing my wifi really pointless?
No, you should definitely secure your wifi, and use WPA2 for it (the older WEP security is even easier to hack, so don't use that), because it does encrypt your data between your router and your computer, making it much more difficult for hackers to intercept. But if your neighbours want free internet, they can easily get it, and through your local network they can get to your computer. Keep that in mind! If you have sensitive data on your computer, securing your network is not enough, because for anyone physically near you, cracking a wifi network is basically peanuts. A newer version of WPA, WPA3, was introduced in 2018 but has also already been hacked. So my advice is to just assume your network is always compromised, and focus on securing your computer instead.


Last modified: 20 June 2021 20:55:37.