Wi-Fi vulnerability has been of recent speculation; indicating that a hacker can exploit Wi-Fi networks. Digital Edge wants to raise awareness by sharing an article written by our friend Henry Jiang (CISO, CISSP) that covers this topic extensively. In addition, you will find the results of our conversation with a security expert who witnessed a “Proof of a Concept” of the Wi-Fi exploitation using modern white hacking approach.
Henry’s article: https://www.linkedin.com/pulse/infographic-krack-aka-wifi-wpa2-vulnerability-jiang-ciso-cissp-1/
Some facts from the conversation with a security expert exploiting Wi-Fi WPA2 vulnerability:
- There is a wrong perception that to hack Wi-Fi you have to sit days in an unmarked mini-van next to the building with the access point. The expert confirmed that a minute or even less of sniffed Wi-Fi traffic is enough to sample the communication and take it back to analyze and crack the passwords.
- It took the team 4 hours in the lab to prepare for the penetration.
- The team used custom code on the top of KRACK (hacking system from Offence Security)
- Multiple algorithms for traffic analysis and hash cracking were used simultaneously on a very powerful computer to obtain the 4 hour result.
Conclusion:
We cannot relax by only patching end points. Wi-Fi manufacturers must come up with firmware upgrade.