WiFi hackers

[Bill Henry-]

The latest CERT Advisory states that most WiFi systems are vulnerable to hackers.

If you are running a wireless system from your store or your home, you may wish to download an update for your modem from your service provider.

 

[Peter Odems]

Hmm... this report only contains poor information. When you use a WPA2 protection with a 28 - 32 characters password, it will be almost impossible to hack the network. Older networks with lower-class protection are vulnerable and can be canned easy by hackers with a hacking-utility. Most older networks still exist because the PC's are not able to run a WPA2 encryption.

So, when you still use older protection, any update will make nothing better.

 

[Rick Bergeron - CPF]

If you read all the references, the issue also exists with WPA/WPA2.

Granted, 8-10 hours is required using brute force but the PoC and routines have been made public.

 

[Mike Labbe]

I was able to test it at home with (my own) WPA before, but it took a loooong time.

It only takes about 2-5 minutes to retrieve a WEP wifi password, though. It's scary that many ISPs still install equipment that uses it by default.

Verizon FIOS (Fiber Optic) is one of those, which is hugely popular in many states. Theirs is even worse, because you can immediately calculate someone's default WEP password simply from knowing the SSID (network name). They were calculated with a math formula that can be done backwards to get the password, and there are many websites (and phone apps) that offer the formula to convert. If you have Verizon FIOS, that's something that should be changed ASAP.

This is a very real topic that deserves some review, in my opinion.

Mike

 

[Peter Odems]

If you read all the references, the issue also exists with WPA/WPA2.

Granted, 8-10 hours is required using brute force but the PoC and routines have been made public.

Yes. This can also happen with WPA2 when you use a simple password like "help" or "secret". But even than, a password can only be discovered when the server communicates with one of the users. And not only in one session but in many sessions. This will not happen with hacking by using a car parked before a house. This can happen with bad hacking neighbors. Just make a password as I noted and when you have thoughts about your neighborhood, change that password regularly.