A new WPA/WPA2 attack with PMKID

[German]A new method of attacking Wi-Fi connections encrypted/secured via WPA/WPA2 using PMKID has become public. Here are a few details what is known so far.


Some Background

A wireless connection between devices (mobile device or PC with a WLAN router) can be encrypted and secured using various protocols such as WPA or WPA2. For long time, the WPA2 protocol was considered secure against attacks. But weak points in the EPA2 protocol became known as early as October 2017. By means of a method known as KRACK attack, there was at least the theoretical possibility of decrypting the data exchange between the devices.

A new WPA/WPA2 attack with mittels PMKID

A few hours ago, a new method of attacking the WPA/WPA2 protocol became known. I came across this topic on Twitter at @hashcat:

They say that attacking WPA/WPA2 no longer requires complete 4-way handshake recording. The PMKID required to decrypt the communication is calculated with HMAC-SHA1, where the key is the PMK and the data part is the concatenation of a fixed string label “PMK Name”, the MAC address of the access point and the MAC address of the station.

Details are described in the hashcat.net forum in this thread. The authors of the attack method state that they do not know for which manufacturers or for how many routers this technique works. However, they believe that the attack method works against all 802.11i/p/q/r networks with roaming features enabled (most modern routers support this). As a user you can’t do much at this point, but just wait and see if this will be fixed.


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *