Another worrying Wi-Fi exploit could potentially plague your router

There’s a fresh worry in the world of Wi-Fi today, as another flaw has been uncovered in the WPA2 security protocol used by most modern routers, making it look shakier than ever.

Perhaps it’s just as well, then, that work on WPA3 – the next-gen standard – is underway. Indeed, the researcher who discovered the new Wi-Fi vulnerability was actually looking for ways to attack WPA3, and accidentally discovered a hole in WPA2 (which the future standard has much better defenses against).

As Bleeping Computer reports, developer and security expert Jens Steube found the flaw in WPA2 (and WPA), which makes it much easier to potentially crack into the Wi-Fi network.

Previously, this required capturing a full four-way authentication handshake, which meant waiting for a user to log in to the Wi-Fi network. Using this new method, an attacker can simply attempt to authenticate to the Wi-Fi network, grab a single EAPOL frame from the router, and extract the necessary details from that instead. Basically, the process can happen more or less instantly, rather than being a convoluted wait-and-hope affair.

Note that at this point, the attacker doesn’t extract the bare PSK (Pre-Shared Key) login password of the Wi-Fi network, but rather a hash derived from it, which then has to be brute-forced. So the attacker isn’t on the network yet, but they’ve got a foot well in the door, and if the password isn’t particularly secure or complex, it won’t take long to crack.

Are you safe?

So does this affect your router? Steube observes: “At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers).”

The key takeaway is that it likely affects most contemporary WPA2 routers, at least those with PMKID (Pairwise Master Key Identifier) roaming enabled. That could include some consumer routers, and not just enterprise-focused models, although it’s far from clear exactly which hardware is vulnerable at this point.

At any rate, as we said at the outset, it looks like WPA3 really needs to hurry up and arrive. As well as this flaw, WPA2 was hit by the KRACK Wi-Fi vulnerability late last year, which again exploited the four-way authentication handshake for a diverse range of potentially nefarious purposes.