Skip to main content

Network routers with roaming enabled are likely susceptible to a new attack

Hashcat creator Jens Steube accidentally discovered a new method to break into network routers while researching new ways to attack the new WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed passwords based on the Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) security protocol.

For starters, WPA is a mechanism in wireless networking that encrypts and decrypts data passed between the router and a connected device. The PSK aspect applies to the network’s password or passphrase, as the router creates a unique 256-character key that is shared between both devices. These keys change periodically to prevent hackers from infiltrating the network.

Recommended Videos

In a typical attack, the hacker must be in the range of a router and a connecting wireless device, and patiently wait for the latter device to log onto the network. When the wireless device begins the connection process, the hacker must run a tool in the exact same moment to capture the full four-way “authentication handshake” made between the router and the device.

Please enable Javascript to view this content

That’s not the case in the new attack. With this method, the hacker needs only a small portion of the handshake called the Robust Security Network Information Element (RSN IE). Even more, the hacker can connect directly to the router and access the needed data rather than lurk in the background and wait for someone to connect.

“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11 i/p/q/r networks with roaming functions enabled (most modern routers),” Steube says.

The login aspect of connecting a wireless device to a router consists of a set number of steps or frames. The RSN IE is an optional field within one of those steps that contains the Pairwise Master Key Identifier, a networking component that verifies that both the router and wireless device know the PSK-based password. This component is the new method’s attack vector, retrieving the stored PSK-based password.

According to Steube, the attack requires three available tools: Hcxdumptool v4.2.0 or higher, Hcxtools v4.2.0 or higher, and Hashcat v4.2.0 or higher. The first tool on the list grabs the necessary connection frame and dumps it into a file. The second tool converts the saved data into a format that can be read by Hashcat. This third tool cracks the encryption.

Ultimately, this method reduces the time used to access the stored passwords but doesn’t lessen the time needed to crack the encryption protecting these passwords. The cracking duration depends on the password complexity, thus if router owners never change the password from the factory default, the password should take no time to crack.

To better protect yourself from a possible attack, change the default password on your router. Using your own password is supposedly better than allowing the router to create one for you, and always use a variety of characters: Lower and upper-case letters, numbers, and symbols. If you’re not great at remembering passwords, Steube suggests using a password manager.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ChatGPT just got a bump to its coding powers
ChatGPT collaborating with Notion

For its penultimate 12 Days of OpenAI announcement, the company revealed a trio of updates to ChatGPT's app integration on Thursday, which should make using the AI in conjunction with other programs on your desktop less of a chore.

OpenAI unveiled ChatGPT's ability to collaborate with select developer-focused macOS apps, specifically VS Code, Xcode, TextEdit, Terminal, and iTerm2, back in November. Rather than needing to copy and paste code into ChatGPT, this feature allows the chatbot to pull specified content from the coding app as you enter your text prompt. ChatGPT, however, cannot generate code directly into the app, as Cursor or GitHub Copilot are able to.

Read more
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more
Someone just got the Intel B570 GPU a month in advance — and it works
ASRock's Arc B570 Challenger GPU.

Although Intel's Arc B580 is already here, the B570 is only set to launch on January 16. However, a German retailer listed the card well ahead of time and, surprisingly, one B570 actually shipped to a customer. The B580 is one of the best graphics cards for budget-conscious gamers, but how will the B570 compare?

Early listings and preorders happen shockingly often. For example, yesterday we found an RTX 5090 PC priced at well over $6,000. However, those listings often don't amount to much, and the items don't ship until their designated release dates -- but not this time.

Read more