Israeli researcher identifies more than 3500 Wifi networks were hacked in Israel Tel Aviv without any difficulty. A total 0f 5000 wifi networks were targeted. The hacking underscored how weak passwords could become an entry point for serious threats to individuals, small businesses, and enterprises.
Wifi-sniffing equipment helped the Israeli researcher to gather 5,000 network hashes for the study. The new wifi attack picks up from Stenbue’s “atom” findings in 2018 that entails locking on the PMKIDs associated with a client for a brute-force attack through password recovery tools like haschcat.
“Atom’s technique is clientless, making the need to capture a user’s login in real-time and the need for users to connect to the network at all obsolete,” Hoorvitch said in the report. “Furthermore, it only requires the attacker to capture a single frame and eliminate wrong passwords and malformed frames that are disturbing the cracking process.”
The gathered hashes underwent a “mass attack” to know if cell phone numbers were “used as wifi-passwords. A practice wide-spread in Israel, which helped the israeli researcher crack 2200 passwords. In a dictionary attack later, the researcher cracked an additional 900 hashes using “RockYou.txt” as a password source. The number of hacked passwords decreased as the password length increased.
“The lesson here? The longer the password, the better,” Hoorvitch said. “A strong password should include at least one lower case character, one upper case character, one symbol, one digit. It should be at least 10 characters long.”