The Risks of Using Pre-Shared Keys for WPA/WPA2 Security


WPA uses a pre-shared key to secure communications between wireless clients and the network access point. It also uses a more robust encryption system than WEP.

But recently, researchers discovered the KRACK attack on WPA2, which makes capturing and hashing your organization’s PSK easy. Learn how to prevent unwanted access to your network.

1. Captured Over-the-Air

The most common reason that businesses use PSK is a lack of newer hardware that supports AES. However, if weak passwords are used on the network and the wireless configuration is not updated regularly, attackers can still compromise WPA2-PSK networks.

As a result, organizations should implement AES across their networks. It’s also worth noting that even with the latest hardware, PSK isn’t immune to side-channel attacks.

Fortunately, this flaw was fixed in 2018 with the introduction of WPA3. However, that doesn’t mean you should stop using WPA2. WPA2-Personal is more secure than the older WEP system because it uses a PMK (pairwise master key) derived from the RADIUS server. This means that the key is never directly derived from the passphrase, which makes brute force attacks more difficult.

2. Captured Offline

The pre-shared key can be captured offline and used to decrypt or modify data in transit. This is possible because the wireless protocol doesn’t authenticate client devices — only access points. This allows hackers to impersonate access points, redirecting packets to unauthorized destinations.

While WPA-PSK is more secure than WEP, this doesn’t mean it’s bulletproof. Hackers can mount brute-force attacks against the PSK if they capture the four-way handshake. This can be done on a laptop that is not connected to the network, or on any device that can capture wireless traffic (like a wired camera).

Once an attacker has the PMK, they can decrypt traffic on all devices in the parking lot. The attack is fairly simple, as the PMK can be found in the Windows configuration of the user’s computer (and many users keep their wireless password in plain sight). The PMK can also be gathered from a lost or stolen laptop, or even from a website that uses a free tool to reveal it.

3. Captured In-Flight

If a password is not changed regularly or the pre-shared key is too short, it can be cracked by attackers who have a device that supports WPA/WPA2, or who are able to capture the handshake packets during the initial authentication of new devices on the network. During this phase, an attacker can capture the challenge and response packets, which contain the encrypted key. An attacker can also spoof their MAC address to avoid detection in the router’s logs. In either case, an attacker can get all the information they need to crack the pre-shared key and decrypt traffic on your network.

The Wi-Fi Alliance addressed the gaping security flaws of WEP, resulting in WPA, which uses 128-bit keys and Message Integrity Checks (MIC) for each data packet. Despite these enhancements, WPA has its own weaknesses that have been exploited by hackers.

4. Captured On-Demand

Although WPA2-PSK is more secure than WEP, the wireless WPA/WPA2 security standard also has some serious weaknesses. One of these vulnerabilities, the KRACK attack, allows attackers to capture and reuse data packets that have already been encrypted, essentially bypassing encryption. Additionally, this attack leverages the weakness of TKIP to perform key reinstallation attacks.

Another problem with this type of attack is that once the attacker has captured the four-way handshake, they can use it offline to crack your passphrase. In the past, this was impractical to do if your password was moderately difficult but it has become much easier over time.
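
To check a passphrase against the offline-guessing risk described above, the following added example (not from the original post) derives the WPA2-Personal PMK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations) and audits a candidate PSK. The denylist, the `min_len` and `min_bits` thresholds, and the sample SSIDs and passphrases are assumptions constructed for illustration.

```python
import hashlib
import math
import string

# Constructed sample denylist; a real audit would load a large breached-password list.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123", "internet123"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def charset_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy; only meaningful for randomly chosen passphrases."""
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation + " ")
    pool = sum(len(g) for g in groups if any(c in g for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit_psk(passphrase: str, ssid: str, min_len: int = 16,
              min_bits: float = 80.0) -> list:
    """Return a list of findings; an empty list means the PSK passed this policy.
    min_len and min_bits are assumed policy thresholds, not values from the standard."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        return ["invalid: a WPA passphrase is 8-63 printable ASCII characters"]
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("on the common-password denylist")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    if len(passphrase) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if charset_bits(passphrase) < min_bits:
        findings.append(f"below {min_bits:.0f} bits even if chosen at random")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    for psk, ssid in [("password", "CorpWiFi"), ("corpwifi2024!", "CorpWiFi"),
                      ("t7#Lq9vR!x2Pw8Zk@m4Ne", "CorpWiFi")]:
        print(repr(psk), audit_psk(psk, ssid) or "ok")
    # The same passphrase yields a different PMK on a different SSID (the salt).
    print(derive_pmk("password", "CorpWiFi").hex())
    print(derive_pmk("password", "GuestWiFi").hex())
```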


Lastly

As a result of these vulnerabilities, we recommend avoiding the use of pre-shared keys in your wireless network and opting for a more secure solution like WPA2-Enterprise with AES or even the newer WPA3 with Dragonfly key exchange. This provides individual user credentials for authentication, which eliminates the need for a pre-shared key and can be integrated with your existing identity management system (like Active Directory) to provide additional security benefits.

 

About Post Author

admin

Hi, There! This is Evie Mills. I am a blogger and a passionate writer. My key areas of interest are lifestyle, business, technology, and home decor. In my free time, I love listening to music and playing with my cute dog.