A new way to compromise the WPA/WPA2 security protocols has been accidentally discovered by a researcher investigating the new WPA3 standard.
The attack technique can be used to compromise WPA/WPA2-secured routers and crack Wi-Fi passwords which have Pairwise Master Key Identifiers (PMKID) features enabled.
Security researcher and developer of the Hashcat password cracking tool Jens "Atom" Steube made the discovery and shared the findings on the Hashcat forum earlier this month.
At the time, Steube was investigating ways to attack the new WPA3 security standard. Announced in January by industry body the Wi-Fi Alliance, WPA3 is the latest refresh of the Wi-Fi standard.
WPA3 aims to enhance user protection, especially when it comes to open Wi-Fi networks and hotspots commonly found in public spaces, bars, and coffee shops. The new standard will utilize individualized data encryption to scramble connections -- as well as new protections against brute-force attempts to crack passwords.
However, the aging WPA2 standard has no such protection...
Read more: https://www.zdnet.com/article/new-wi...rds-with-ease/
Does that mean we all have to dig in our pockets again for new modem/routers that support WPA3 security? Will manufacturers bother to supply new firmware to existing routers? Is it even possible? Personally I won't panic as all these 'vulnerabilities' warnings are getting over the top although legitimate. Getting tired of it all.
WPA3 Standard Officially Launches With New Wi-Fi Security Features
I think "with ease" is overstating it. This is still a brute-force attack so a strong password will still be impractical to crack. The method just makes it easier to obtain the hash value to attack.
Agreed, not to mention that brute-force attack had been available for WPA2 Personal with PSK prior to this exploit:
Quote