top of page
Writer's pictureConsultant CyberSecura

WPA/WPA2 cracking, PMKID, Evil Twin... Overview of attacks and threats to Wi-Fi in 2022

Updated: Mar 15


sécurité WiFi

Wireless networks have become commonplace in most homes and businesses. Threats and attacks have therefore developed in this direction over the last two decades.


Security protocols have also evolved along the way. The latest standard ratified by the Wi-Fi Alliance, WPA3, provides enhanced security and protects against many of the known attacks. This protocol is recent and still in the deployment phase, and the historical WPA/WPA2 remains in most homes and businesses.


In this article, we will discuss the different attacks against Wi-Fi networks and the countermeasures to protect against them.


Note: WEP is on the way out and is no longer implemented by default by most manufacturers, so attacks against this protocol will not be covered in this article.





The different protocols for Wi-Fi security


Several protocols have been developed to secure wireless communications:


  • WEP: this is the first and oldest protocol (the standard was ratified in 1999). Its algorithm (RC4) is subject to numerous flaws which allow an attacker to crack the security key in a few minutes. This protocol is now obsolete.


  • WPA: is the successor to WEP and provides enhanced security by overcoming WEP's vulnerabilities by incorporating the TKIP protocol. A 128-bit encryption key is used for each packet sent.


  • WPA2: the successor to WPA, it improves on it by replacing the TKIP protocol with CCMP (AES) which is much more robust.


  • WPA3: the latest standard in force. It replaces PSK (Pre-Shared Key) with SAE (Simultaneous Authentication of Equals), which makes attacks based on WPA/WPA2 much more complicated or even obsolete.


WPA/WPA2 comes in two forms:


  • WPA/WPA2-PSK or Personal: pre-shared secret (PSK) designed for home or small business networks.


  • WPA/WPA2-MGT or Enterprise: based on 802.1X with RADIUS and EAP (MGT) designed for mid-sized enterprise networks.


Cracking WPA/WPA2-PSK : 4-way handshake


This is the most common attack against WPA/WPA2 networks. It captures the 4-way handshake that allows the authentication key to be cracked offline.


The 4-way handshake is a 4-step process between the authenticator (the Wi-Fi access point abbreviated AP) and the supplicant (the client). During this process, messages are exchanged to generate encryption keys to secure the connection. To generate them, several pieces of information are required: SSID (the name of the Wi-Fi network), the key, the MAC address of the two parties and a random number.

A challenge is then generated by both parties, but the key is not directly present in the exchanges. What is captured is only the challenge and the result, which allows the key to be deduced. Once the connection is established, the key is stored in the OS and is no longer requested. However, the 4-way handshake takes place at each reconnection in order to negotiate new encryption keys again. The attacker must therefore ensure that the client is disconnected so that it reconnects and captures the desired handshake. This is known as an active attack.

Once the handshake has been captured, the attacker only has to try all possible combinations offline to guess the key. This phase involves bruteforcing the handshake using a dictionary.


If there is no client connected to the target AP, the attacker will leave the program running and when a client connects, the handshake will be captured. This is known as a passive attack.


Cracking WPA/WPA2-PSK : PMKID


The problem in WPA/WPA2-PSK key cracking stems from the fact that at least one client must be connected to the target AP in order to capture the handshake.


The PMKID attack, a recent (2018) technique discovered by a researcher while analysing the WPA3 standard, does not require connected clients. This time it allows the PMKID (Pairwise Master Key Identifier) to be retrieved directly from the AP. This identifier is stored by the AP and is useful when clients move around. Indeed, some APs have a feature called Fast Roaming (defined in the 802.11r standard) which allows clients to reconnect instantly when moving from one AP to another and not have latency on certain applications that may be impacted. The PMKID is generated from the PSK and so the original key can always be recovered via a brute force attack. APs with the Fast Roaming feature enabled are affected.


Rogue AP


There are conflicting definitions of Rogue APs. They can take many forms. In the most common cases, it can be an AP illegitimately connected to a company's network in order to access the internal network without the knowledge of the administrators. It can also be an illegitimate AP controlled by an attacker who aims to imitate a legitimate one. Both of these cases are discussed in more detail below.


1. Rogue AP: illegitimate connection


An AP connected to a company's network without specific control and without the approval of the administrators can allow open access to internal resources and pose a serious threat. It can be the work of an internal employee or an external intruder. This type of rogue AP allows access to the company's LAN (local area network) and can constitute a security breach if the network does not have the necessary measures in place to protect against it.


2. Rogue AP: Evil Twin


The principle consists in copying an existing AP by using the same connection information. The goal for the attacker is to make a similar copy of the legitimate access point (SSID, channel, encryption algorithms) so that the client authenticates to the illegitimate AP.


Once the access point has been imitated, the attacker's goal is to disconnect a legitimate client so that it does not reconnect to the rogue AP.


The attacker then has two options:

  • The client connects to the rogue AP and the handshake will be captured by the attacker. The attacker can then attempt an offline attack to recover the key in order to connect to the target network.


  • The attacker sets himself up as a router: he then correctly redirects the clients as a legitimate AP and sets himself up as a MITM (man-in-the-middle attack), thus capturing all the traffic of the clients connecting to it. If unsecured protocols are used, this attack can capture sensitive information.



Illustration d'une attaque Evil Twin. Infographie par CyberSecura. Réutilisation interdite.
Illustration d'une attaque Evil Twin. Infographie par CyberSecura. Réutilisation interdite.


Cracking WPA/WPA2-MGT


WPA/WPA2-MGT differs from the WPA/WPA2-PSK mode of operation. PSK mode requires only an authentication key that is exchanged with clients so that they can connect. This mode is preferred and common in domestic households.


MGT mode relies on the use of the 802.1X protocol which relies on a much more robust infrastructure with the use of authentication certificates. This mode is much more complex to implement and is found in medium to large enterprises. Although the MGT mode strengthens security, attacks are still possible.


The principle is based on a mix of attacks against WPA/WPA2-PSK and Rogue AP Evil Twin. The attacker will first have to recover the identification information of the targeted Wi-Fi network. Indeed, in MGT mode, the organisation's certificate is sent to the client in order to prove that it really comes from the target company.

The attacker will have to disconnect a client so that the latter reconnects and can, at the time of reconnection, retrieve the handshake which will, for the most part, contain the certificate (in the case of a WPA/WPA-MGT network). He can then create his own by imitating as much as possible the information in the captured certificate so that it is as credible as possible. He will then configure his Rogue AP so that it has the same configurations and is as close to the legitimate network: SSID, channel and supported encryption algorithms.



When a victim attempts to connect to the Rogue AP, the credentials (username and password in NTLM hash format) will be captured. All that remains is for the attacker to crack the hash offline in order to recover the user's password.



Preventing and protecting yourself from Wi-Fi attacks


In order to avoid or mitigate some of the attacks described, some measures should be taken. For WPA/WPA2-PSK, a relatively complex key will make it difficult for the attacker to crack the key. Avoid simple keys that are present in wordlists (dictionary of words used by attackers to crack passwords), as these are regularly used.


WPA/WPA2-PSK PMKID attacks can be avoided by disabling Fast Roaming features.


Note: the KRACK vulnerability discovered in 2017 appears to target only devices with Fast Roaming.


Illegitimate Rogue APs can be thwarted by implementing an access control policy on the organisation's network. Network Access Control (NAC) equipment will block this type of malicious activity by monitoring the devices that are connected to the corporate LAN.


For the Rogue AP Evil Twin, the user should be vigilant. If your connection becomes unstable for a few seconds and a disconnection occurs, check the names of nearby networks to see if another has the same. If so, an attacker is probably around.

Attacks on WPA/WPA2-MGT based on 802.1X are similar to the Rogue AP Evil Twin. Therefore, vigilance is also required. If the certificate issued is not signed by an internal certification authority recognised by the organisation (as will be the case if the attacker attempts to spoof the certificate sent to the client) a warning message will be displayed to the user, which will attract his attention. It will also be necessary to raise awareness among users so that they are alerted if such a situation arises.


WIPS (Wireless Intrusion Prevention System) solutions integrated into professional Wi-Fi solutions can also detect a certain number of attacks.


 

Related blog posts:



 

Did you enjoy this blog post?


Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!



 

We need your answers!


By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.


Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!


Thank you for your responses!

 

Would you like to be informed of our news and receive our latest blog articles directly in your mailbox? Subscribe to our monthly newsletter!


cybersécurité grenoble

Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!

 



9,981 views
bottom of page