A CyberArk researcher, Ido Hoorvitch, identified that many urban areas have unsafe and weak WiFi passwords that can be easily cracked. Hoorvitch collected 5,000 Wifi hashes around his neighborhood using network sniffing equipment. These were run through CyberArk’s “monster” password cracking rig which used an exploit found in PMKID hashes.
Hoorvitch noted that many people use cell phone numbers as their WiFi password. This allowed him to crack numerous hashes, obtain passwords, and then access their networks. In the cases where a phone number was used, it took approximately nine minutes for each crack. If routers do not support roaming modes, then they are not susceptible to this attack. It is recommended that complex passwords should be used with secure encryption protocols. WAP/WAP1 should be disabled.
Author: Matias Madou
Published: October 20, 2021
Link
Matt,
I enjoyed this article. I found it interesting that so many individuals use their cell numbers as their WiFi password. This is something that I honestly had not even thought about before and was not aware was so common. It really shows that it is important to set secure passwords even on your home WiFi, where one might think that they are more safe to set a less complex password.