Expert hacked 70% of Wi-Fi networks in Tel Aviv for research

hacked Wi-Fi in Tel Aviv

CyberArk specialist Ido Hoorvitch hacked 70% of Wi-Fi networks in his native Tel Aviv, seeking to prove that home networks are poorly secured and easily compromised.

To conduct the experiment, Horwich walked around town with sniffing equipment and collected data from 5,000 network hashes. Next, he exploited a vulnerability to obtain the PMKID hash normally generated for roaming. The PMKID hash consists of the network SSID, passphrase, MAC address, and a static integer.

hacked Wi-Fi in Tel Aviv

To get the PMKID hashes, he used a $ 50 AWUS036ACH ALFA NIC, which could act as both a monitor and a packet injection tool, and then analyzed them using WireShark in Ubuntu.

hacked Wi-Fi in Tel Aviv

Using the method of Jens “atom” Steub (lead developer of Hashcat), Horwich collected PMKIDs, which were then cracked to obtain passwords.

The atom method is not client-driven, so there is no need to capture a user’s login in real time, nor is there a need to [wait] for users to connect to the network in general. Moreover, an attacker only needs to grab one frame and eliminate incorrect passwords and corrupted frames that interfere with the cracking process.Horwich says.

So Horwich started with mask attacks to identify people using their mobile phone number as a password for Wi-Fi (a common occurrence in Israel). To crack such passwords, it is necessary to calculate all variants of Israeli phone numbers, and these are ten digits, always starting with 05, which leaves only eight digits.

Using a regular laptop and this technique, the researcher successfully compromised 2,200 passwords at an average rate of nine minutes per password. In the next step, he switched to a dictionary attack using Rockyou.txt. This led to the rapid cracking of an additional 1,359 passwords, most of which used only lowercase characters.

hacked Wi-Fi in Tel Aviv

As a result, Horwich successfully compromised about 70% of the passwords for the selected Wi-Fi networks and confirmed all his guesses about the poor security of Wi-Fi networks.

The specialist summarizes that users should not enable the roaming function on routers intended for personal use (WPA2-personal), because there is no need for roaming in such networks. He also notes that passwords longer than 10 letters/numbers are more resistant to cracking.

Let me remind you that Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *