How to bypass wpa wpa2 psk security

If you want to protect your Wi-Fi network, we always recommend WPA2-PSK encryption. It's the only really effective way to restrict access to your home Wi-Fi network. But WPA2 encryption can also be cracked - this is how it works.

As usual, this is not a guide to cracking someone's WPA2 encryption. It's an explanation of how your encryption could be cracked and what you can do to better protect yourself. It works even if you're using WPA2-PSK security with strong AES encryption.

Your password can be cracked offline

RELATED: Brute-Force Attacks Explained: How All Encryption Is Vulnerable

There are two ways to crack a password, commonly referred to as offline and online. In an offline attack, the attacker has a file of data that they can attempt to crack at their leisure. For example, if an attacker managed to access and download a database of hashed passwords, they could attempt to crack those passwords. They can guess millions of times per second and are limited only by the speed of their hardware. Obviously, offline access to a password database makes it much easier for an attacker to crack a password. They do this via "brute forcing": literally trying many different possibilities and hoping that one will match.

An online attack is much more difficult and takes much, much longer. Suppose an attacker is trying to gain access to your Gmail account. They could guess a few passwords, and then Gmail would block them from trying more for a while. Since they do not have access to the raw data against which to test passwords, they are severely restricted. (Apple's iCloud wasn't rate-limiting password guesses in this way, and that's what led to the huge theft of nude celebrity photos.)

We tend to think of Wi-Fi as being vulnerable only to the online attack. An attacker has to guess a password and try to use it to log into the Wi-Fi network, so they certainly can't guess millions of times per second. Unfortunately, this is not the case.

The four-way handshake can be recorded

RELATED: How an attacker can crack your WLAN security

When a device connects to a WPA-PSK Wi-Fi network, something known as the "four-way handshake" is performed. Essentially, this is the negotiation where the Wi-Fi base station and a device connect to each other and exchange passphrase and encryption information. This handshake is WPA2-PSK's Achilles heel.

An attacker can use a tool such as airodump-ng to monitor the traffic transmitted over the air and capture this four-way handshake. They then have the raw data they need for an offline attack: guessing possible passphrases and testing them against the four-way handshake data until they find one that matches.

If an attacker waits long enough, they will be able to capture this four-way handshake data when a device connects. However, they can also perform a "deauth" attack, which we covered when we looked at how your Wi-Fi network could be cracked. The deauth attack forcibly disconnects your device from its Wi-Fi network and your device instantly reconnects and performs the four-way handshake that the attacker can capture.

Image source: Mikm on Wikimedia Commons

Cracking the WPA handshake

With the captured raw data, an attacker can use a tool like "cowpatty" or "aircrack-ng" along with a "dictionary file" that contains a list of many possible passwords. Such files are commonly used to speed up the cracking process. The command tries every candidate passphrase against the WPA handshake data until a matching one is found. Because it is an offline attack, it can be carried out much faster than an online attack. An attacker does not need to be anywhere near the network while trying to crack the passphrase. The attacker could even use Amazon S3 or another cloud computing service or data center to throw more hardware at the cracking process and speed it up drastically.

As usual, all of these tools are available in Kali Linux (formerly BackTrack Linux), a Linux distribution for penetration testing. They can be seen in action there.

It's hard to say how long it would take to crack a password this way. For a good, long password, it could take years, possibly hundreds of years, or more. If the password is "Password", it would probably take less than a second. As hardware improves, this process will get faster. For this reason, it's a good idea to use a longer password: 20 characters would take a lot longer to crack than 8. Changing the password every six months or every year might help too, but only if you suspect someone is actually spending months of computing power cracking your passphrase. You're not that special, of course!
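To make the "offline attack" point of the previous sections and the length argument above concrete, here is an added example (it is not code from the article or from any of the tools it names). WPA2-PSK derives the Pairwise Master Key (PMK) from the passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, as defined in IEEE 802.11i; every candidate an offline cracker tests must go through the same derivation, so the cost per guess is fixed and the only variable left is the number of guesses. The SSID "HomeNet", the toy wordlist and the assumed 1,000,000 guesses per second for a GPU rig are constructed values, not measurements.

```python
"""
Added example, not part of the article: the cost of one offline guess against a
WPA2-PSK handshake, and what that implies for passphrase length.
"""
import hashlib
import time
from typing import Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes) per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def measure_guess_rate(ssid: str, samples: int = 200) -> float:
    """Derivations per second on this machine, single core (a rough local figure)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of the given length over the alphabet."""
    return alphabet_size ** length / guesses_per_second


def years(seconds: float) -> float:
    """Convert seconds to (Julian) years for readable output."""
    return seconds / (365.25 * 24 * 3600)


def wordlist_hit(passphrase: str, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Audit your own passphrase: return the wordlist entry whose PMK matches, if any.

    Comparing PMKs mirrors what a check against a captured handshake does; a hit
    means a dictionary attack on the capture would succeed within len(wordlist)
    guesses, regardless of how strong the AES encryption on the link is.
    """
    target = wpa2_pmk(passphrase, ssid)
    for word in wordlist:
        if wpa2_pmk(word, ssid) == target:
            return word
    return None


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    print(f"this machine, pure CPU: ~{measure_guess_rate(ssid):,.0f} guesses/s")
    # Assumed rate for dedicated cracking hardware (an assumption, not a measurement).
    assumed_rate = 1_000_000
    for length in (8, 12, 20):
        worst = seconds_to_exhaust(95, length, assumed_rate)  # 95 printable ASCII characters
        print(f"{length}-char random passphrase: {years(worst):.3g} years worst case")
    # Constructed toy wordlist: "Password" falls within three guesses.
    print("wordlist hit:", wordlist_hit("Password", ssid, ["123456", "password", "Password"]))
```

The PMK function can be checked against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), which is what the test below does; the years printed for 8 versus 20 characters are the whole argument for a longer passphrase, since the per-guess cost is the same in both cases.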

Break WPS with Reaver

RELATED: Don't Have a False Sense of Security: 5 Insecure Ways to Secure Your Wi-Fi

There is also an attack against WPS, an incredibly vulnerable system that many routers ship with enabled by default. On some routers, disabling WPS in the interface doesn't do anything: it stays enabled for attackers to exploit!

Essentially, WPS forces devices to use an eight-digit numeric PIN system that bypasses the passphrase. This PIN is always checked in two halves of four digits each, and the connecting device is told whether each 4-digit half is correct. In other words, an attacker only needs to guess the first four digits and then guess the second four digits separately. This is a pretty quick attack that can be done over the air. If a WPS device did not work in this extremely insecure way, it would violate the WPS specification.
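The arithmetic behind that paragraph is worth seeing written out, so here is an added example (not from the article or from Reaver). It models the WPS PIN as the specification defines it: eight decimal digits, the eighth being a checksum of the first seven, with the PIN proven in two halves so that a wrong first half is reported before the second half is ever tested. The worst-case attempt counts and the assumed two seconds per over-the-air attempt are illustrative; the only value taken from a real default is the common example PIN 12345670, used to check the checksum routine.

```python
"""
Added example, not part of the article: why splitting the WPS PIN check into
two halves collapses the search space, and why disabling WPS is the fix.
"""


def wps_checksum(first_seven: int) -> int:
    """Checksum digit from the WPS spec: digits weighted 3,1,3,1,3,1,3 must sum to 0 mod 10."""
    accum = 0
    pin = first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the checksum of the first seven."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def worst_case_attempts(split_verification: bool, checksum_known: bool = True) -> int:
    """Guesses needed to be certain of the PIN under each verification model.

    - whole PIN confirmed at once: 10^8, or 10^7 once the checksum digit is derived
    - halves confirmed separately (what WPS actually does): 10^4 for the first half
      plus 10^3 for the second, because the checksum fixes its last digit
    """
    if not split_verification:
        return 10 ** 7 if checksum_known else 10 ** 8
    return 10 ** 4 + (10 ** 3 if checksum_known else 10 ** 4)


def hours_at_rate(attempts: int, seconds_per_attempt: float) -> float:
    """Wall-clock hours for a given number of over-the-air attempts."""
    return attempts * seconds_per_attempt / 3600


if __name__ == "__main__":
    print("12345670 valid:", is_valid_pin("12345670"))
    print("12345671 valid:", is_valid_pin("12345671"))
    per_attempt = 2.0  # assumed seconds per PIN attempt over the air (illustrative)
    for split in (False, True):
        n = worst_case_attempts(split)
        print(f"split={split!s:5}  attempts={n:>10,}  worst case {hours_at_rate(n, per_attempt):,.0f} h")
```

The split model needs 11,000 attempts at most, versus ten million if the PIN were verified as a whole; the passphrase length that the previous section recommends makes no difference here, which is why turning WPS off (and confirming it is actually off) is the only defence.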

WPA2-PSK likely has other vulnerabilities that we haven't discovered yet. Why do we keep saying that WPA2 is the best way to secure your network? Well, because it still is. Enabling WPA2, disabling the older WEP and WPA1 security, and setting a reasonably long and strong WPA2 password is the best thing you can do to really protect yourself.

Yes, your password can likely be cracked with some effort and computing power. Your front door could also be broken with a little effort and physical force. But provided you use a decent password, your Wi-Fi network will likely be fine. And if you use a reasonably decent lock on your front door, chances are you'll be fine, too.
