Navigation

How to Crack a Wi-Fi Network’s WPA Password

It no longer matters how complex your wifi’s WPA2 password is. It can now easily be decoded by an amateur hacker in about 4 hours.

The lesson is:

1) Don’t use whatever password you use on your WPA router for any other accounts, because your WPA password is effectively public data.

2) You should instead rely on HTTPS to protect any sensitive transactions at the browser layer and assume that your wifi encryption provides no security whatsoever.

3) If you ever assumed that password protecting your router gave you security, maybe you should update? WEP was completely dismantled in 5 years and now most WPA2 routers are vulnerable to WPS attacks that make them worthless after only 5 years. There isn’t even a replacement standard yet, but I predict that whatever comes next will also be easily hackable and totally insecure in 5 years as well.

Author Description

Louie Helm is a Machine Learning Engineer

3 Responses to “How to Crack a Wi-Fi Network’s WPA Password”

  1. March 24

    A Jolly Jolly

    This only works with routers that have wifi protected setup (aka the little easy button) enabled. To be fair, this is almost all of them. This attack’s pretty old btw 🙂

  2. March 24

    Guest

    The lesson I take from this is that you shouldn’t let the marketing department design the crypto.

    WEP was basically designed to make people “shut up about security”; they had some amateurs throw something together with predictable results.

    WPA2-personal was vaguely OK, if obscenely overcomplicated because of the “need” to support a bunch of weird until somebody decided that actually setting up keys was too hard for users (more correctly too expensive for vendors to provide a UI for…) and added the WPS “usability” hack that’s being attacked here. And it looks like they had amateurs do that, too.

    Neither of them lasted 5 years against anybody who knew anything about attacking this sort of stuff. Any delay you see is how long it takes for somebody to both bother to take a hard look and be interested in publicizing the results.

  3. March 24

    Josh Hill

    Yeah it only works if you have WPS enabled. Many newer/updated routers that have it turned on rate limit it as well. After so many incorrect attempts it will either actively fail (tell you you’re being throttled) or will silently fail (always say it’s incorrect even if it’s the correct PIN).