According to an article by Zeljka Zorz of HelpNetSecurity, “Hashcat developer Jens “Atom” Steube found a simpler way to capture and crack access to credentials protecting WPA and WPA2 wireless networks.” It’s not entirely surprising that WPA was compromised, as it hasn’t been secure for years, but what is startling about this article is that WPA2 is the strongest and most prevalent wireless security protocol in existence today – and it has just become easier to crack. Steube was able to create a new way to recover WPA2-PSK passphrases from vulnerable devices that doesn’t require a 4-way handshake. Previously, the 4-way handshake had to be captured before the wireless network’s passphrase could be brute-forced. To get this handshake, hackers had to be in range of both the router and a device connecting to the network so that the handshake could be sniffed. The hacker also had to be “sniffing” packets at the time a device attempted to connect to the wireless network.
Now, while this isn’t going to impact all routers, it does bolster the idea that a strong, complex passphrase on your wireless network could mean the difference between the network being cracked in a few hours or days and cracking taking so long that the hacker gives up or runs out of passwords to try. This attack would be much harder to perform against the new WPA3 protocol, but WPA3 is still years away from being mainstream, so until then you decision makers might consider changing your Wi-Fi passwords to be 15 random characters with uppercase letters and special characters/symbols to make them more difficult and time-consuming to compromise.
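
To put numbers on the passphrase advice above, here is an added example (not from the original article) that generates a 15-character random passphrase and estimates the worst-case time to exhaust the keyspace. The symbol set and the guess rate are assumptions chosen for illustration, not measured figures.

```python
import math
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumed symbol set; adjust to what your router accepts
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_passphrase(length=15):
    """Return a random passphrase that contains every character class."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2-PSK passphrases must be 8 to 63 characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string (an upper bound once classes are required)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second, for comparison only
    print("example passphrase:", generate_passphrase())
    for label, n, size in [("8 lowercase letters", 8, 26),
                           ("15 random mixed characters", 15, len(ALPHABET))]:
        print(f"{label}: {entropy_bits(n, size):.1f} bits, "
              f"{years_to_exhaust(n, size, rate):.3g} years to exhaust")
```

The comparison only holds for passphrases that are actually random; a 15-character phrase built from dictionary words or a predictable pattern has far less entropy than the estimate suggests.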