Saturday, November 10, 2012

How Easy Is It To Crack A Wifi Network? [MakeUseOf Explains]


Sent to you by Chris Hunter via Google Reader:


via MakeUseOf by James Bruce on 11/9/12

Whether you're a computer novice or a pro-level geek, you probably have some idea about Wifi security. You know that you need to have some kind of password – preferably a long password, maybe even with some punctuation; and you also know that there's a setting on your router to hide the network name so other people can't see it. You've done all that, and now your sitting there safe and sound in the knowledge that your network is on lockdown. Really? You might want to keep reading, as we dispel a few common beliefs about Wifi security.

Hiding your Network SSID

Security through obfuscation is the worst kind; anyone with access to the most basic of wifi hacking tools will see your "hidden" network listed alongside everyone else's. The only people it is genuinely hidden from are legitimate users; family, friends, or customers trying to connect to an invisible network that they can't see when they click on the little wifi icon in the corner. The hacker meanwhile, has identified your hidden network and is launching the next app he'll use to crack your passkey. The clock is ticking.

Advice: Don't bother hiding your SSID – the only person it'll cause problems for is yourself.

WEP Passwords

WEP passwords are the old way of securing a network; I showed you a long time ago how they are incredibly easy to crack by simply sniffing out network traffic that's broadcast around. You can even buy special routers from China that automatically crack any local WEP-secured networks, then re-broadcast the signal as a properly secured Wifi for your own purposes.

Sadly, a lot of older devices are incompatible with WPA. Some game cartridges for the latest Nintendo 3DS won't work with WPA, even though the console itself is compatible. I know my old iPhone had issues with WPA sometimes, too.

Advice: Never drop down your wifi security to the level of WEP password only – you are asking to have your internet used for all manner of nefarious purposes. If you have a device that's incompatible, throw it in the trash and buy a real game console or new phone instead. There is absolutely no excuse for using WEP security in this day and age. If you're out and about, don't ever connect to one of these either; people can very easily listen in to your web traffic, resulting in stolen passwords, redirected bank logins and all things nasty.

WPA Security

I'm not at risk - you're thinking - I have a 25 character long password and I use WPA2-PSK – the best security available. Well yes, that may be true; but you're still not safe. Most routers contain something called WPS technology. WPS was an attempt to simplify connecting devices to the network; you could either use a simple, one-touch button on devices like games consoles and Wifi printers, or you type in an 8-digit number that's printed on the side of your Wifi router. That 8-digit (numerical) password completely bypasses the need for a lengthy alphanumeric password. But don't worry, manufacturers realised how silly this sounds and built-in safeguards to prevent brute force hacking of this number – after 3 failed attempts, there is a 60 second cooldown time. To randomly attack an 8-digit password would therefore take 6.3 years; you'd probably notice if someone was parked outside for that long. So we're cool, right?

No. You see, they made a very slight oversight – they split the passkey number in 2 sets of 4 digits. After guessing the first 4, the router sends a helpful "you got the first half correct" notification, so you can save those for reference. You only need to break 4 numbers, twice. That limits your list of possible combinations to just 10,000 for each set. The 6.3 years required is now cut to less than a day. But it gets worse, as some manufacturers don't even bother to implement a cool-down period between failed attempts. Yes, this is a momumental failure; with the correct tool (here's my helpful tutorial), even your WPA2 protected network can be hacked in just a few hours.

Since WPS technology has been a requirement of certification for all wifi routers and enabled by default, it's almost certain your router is susceptible. What can you do to protect yourself?

  • Disable WPS completely – this will vary by router. Be sure to test again after – although my router had this option, there was another internal WPS PIN that was separate from the user displayed one on the side of the router, and disabling just the user one offered no protection at all – the internal PIN could not be deactivated, yet could still be cracked.
  • Disable Wifi; this is probably the best option if you're using something provided by your cable company or ISP; if you absolutely need Wifi, buy another router and put your ISP supplied one into "modem mode".
  • Update the firmware of your router; assuing there is an update available.
  • Replace the firmware completely, with Tomato or DD-WRT.

In summary, the chances of your Wifi connection being 100% secure are exceedingly low, regardless of how long your password is, whether or not you obscure the network name – it's all crackable, and I've demonstrated it. If you want to be truly safe, you need to disable any wireless functionality completely, or make absolutely sure that WPS functionality is disabled fully on your router. You can and should run the tools linked above against your own networks to see if you're vulnerable. So – do you still think you're secure?


Things you can do from here:


No comments:

Post a Comment