How to crack WPA / WPA2 WiFi network password

Wi-Fi networks are often targeted by very skilled hackers, who use their knowledge to derive the network password on the most vulnerable devices, or on devices that include technologies which simplify users' lives but make it easier to breach the security of the network. If we want to test the strength of the password chosen for our network and find out how to defend ourselves, in this guide we show the technique used to crack the passwords of Wi-Fi networks protected with the WPA / WPA2 protocol (on paper the most secure).
Obviously we recommend testing these methods only on networks we own, or only after explicitly asking the owner for consent: breaking into other people's networks without permission is a crime that can be prosecuted both criminally and civilly, not to mention that nowadays the game is not worth the candle (given the continuous updates and the simple countermeasures that we can adopt to prevent this type of attack).

WPS vulnerability


Currently the WPA2 protocol is quite secure, especially if we choose a new, secure password (at least 12 alphanumeric characters) and use AES encryption (practically impossible to break). But hackers "got around the problem" by focusing their efforts on the inherent vulnerabilities hidden in WPS technology.
WPS allows you to quickly connect a new wireless device to the modem or router simply by pressing a special button: the connection of the devices is automatic and is based on the exchange of a PIN (generated by the modem or router).
Unfortunately, this PIN is generated by a very weak algorithm (based on part of the modem's original password and/or its MAC address): it was child's play for hackers to create a "copy" of this algorithm and build it into specific programs and apps, so as to be able to "guess" most of the WPS PINs (and consequently the WPA passwords) of modern modems and routers.
So in fact WPA2 / AES has not been broken, but it is possible to access a network secured with this protocol by using the WPS vulnerability.

How to hack WPS from PC


In order to attempt a WPS violation (again for testing purposes on our network), we will have to use the Reaver program, available within the Kali Linux distribution.
We download the ISO image of Kali Linux and burn it to a DVD or write it to a USB stick; in the latter case we can use Unetbootin to create a Linux USB stick for use on any computer. It is not necessary to install Kali on the PC: we only need to start the computer from the DVD or USB stick, running Kali in Live mode.
Reaver does not go looking for the password by trying thousands of candidates; it simply bypasses it.
The router PIN, if the WPS connection is active, is eight digits long: the router knows four, while the other devices where the Wi-Fi password is stored know the other four.
All we need to do is randomly try every possible combination of the four digits until the correct PIN is found.
Note: using a laptop with a working Wi-Fi card is highly recommended for this test.
To boot the computer with Kali, we insert the DVD into the drive (or plug in the USB stick) and boot the computer from it, as described in our guide on how to boot the PC from CD or USB.
Kali starts with a command prompt: immediately type startx and press Enter to start the graphical interface. In order to use Reaver, you need the interface name of the wireless card and the BSSID of the router you are trying to access (the BSSID is a unique set of letters and numbers that identifies a router).
Open the Terminal app, then type iwconfig and press Enter. You should see a wireless device in the list called wlan0 (or a different name).
After retrieving the name of the wireless interface, activate monitor mode by running the command: airmon-ng start wlan0 (assuming that the interface name is wlan0); after this command the name of the interface in monitor mode will be mon0.
Now run the command: airodump-ng wlan0 (if airodump-ng wlan0 doesn't work, try the command with the monitor interface instead, for example airodump-ng mon0).
Once the network to be tested is found, press Ctrl + C to stop the list and copy the BSSID of the network (it is the series of letters, numbers and colons in the left column).
The network should be of type WPA or WPA2 in the ENC column.
Now we start Reaver by running the following command in the terminal and replacing the BSSID and monitor name of the network interface:

reaver -i mon0 -b bssid -vv
For example, it can be reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv. After pressing Enter, Reaver will begin working by attempting a series of keys and passwords in a brute-force attack.
It may take several hours (even over 4 hours) for Reaver to come up with a result that clearly indicates the WPA PSK key.
If the WPA PSK key has been found, we can turn everything off and use one of the tips described in the section reserved for security countermeasures (to be applied as soon as possible).

How to hack WPS from Android smartphones


If we own an Android smartphone, some simple apps are available that speed up the process of finding the WPS vulnerability, at least for modems and routers in which this vulnerability is still active. The best apps with which we can test the security of our network are:
  1. WiFi Warden
  2. wifi wps wpa connect
  3. WPS WPA WiFi Tester
  4. WIFI WPS WPA TESTER

The effectiveness of these apps is very low, since there are now few routers and modems in circulation with the WPS vulnerability still active and exploitable (hence the many low ratings the apps receive). If we really have to test our Wi-Fi network, it is without a doubt worth trying with Kali Linux, which offers more chances of success, leaving these apps only for a few quick tests (just to make sure that some kid or Sunday hacker cannot use them to access our network illegally).

How to protect yourself from the WPS vulnerability


Defending yourself from the tools seen in this guide is, all in all, very simple: whether we were able to find the PIN or password or all our attempts failed, we can apply the following tips to increase the security of our Wi-Fi network:
  • Disable WPS: this feature is undoubtedly convenient, but may still be vulnerable on our modem or router. It is therefore better to log in to the router and disable WPS (usually in the Wi-Fi or Wireless section).
  • Change the starting Wi-Fi password: if we change the password supplied by default with the modem or router, we will make it very difficult to search for new vulnerabilities.
  • Use only WPA2 with AES: ignore all the other types of protocol available for wireless, namely WPA TKIP, WPA2 TKIP and WEP.
  • Reduce the transmission power of the 2.4 GHz Wi-Fi network: if we live in a small house and are well covered by wireless, we can decrease the transmission power of the modem or router, so as to prevent neighbors or, worse, anyone passing on the street from stopping and using laptops or smartphones to attempt access to our network, especially if we live on the first or second floor. It is not uncommon for a good modem to cover up to the roadside, reaching areas exposed to risk.
  • Switch devices over to the 5 GHz Wi-Fi network: if our devices allow it, we always use the 5 GHz network (with IEEE 802.11n or 802.11ac protocol). This network by nature hardly gets past one or two walls, so it will remain well confined to our home or our room (the suggestions seen for WPS and the password change are valid for it too).
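
As an added example (not part of the original guide), the first three tips can be checked from a laptop by looking at what our own access point announces. The function name audit_ap, the SSIDs and the sample scan text are assumptions made for this example; the sample is constructed in the layout of iw scan output.

```shell
#!/bin/sh
# Added example: check our own access point for the weak settings listed above.
# Input is text laid out like `iw dev <iface> scan` output (assumed format).

# Constructed sample, not a real capture: one AP with WPS and TKIP enabled,
# one AP configured as the guide advises. SSIDs and BSSIDs are made up.
SAMPLE_SCAN='BSS 02:00:00:aa:bb:01(on wlan0)
    SSID: HomeNet-Old
    WPA:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: TKIP
    RSN:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: CCMP TKIP
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:aa:bb:02(on wlan0)
    SSID: HomeNet-Hardened
    RSN:     * Version: 1
             * Group cipher: CCMP
             * Pairwise ciphers: CCMP
             * Authentication suites: PSK'

# audit_ap SSID: reads scan text on stdin and prints one finding per line for
# the AP with that SSID, "OK" if no check fires, or a not-found message.
audit_ap() {
    awk -v want="$1" '
    function report(   n) {            # n is a local counter
        if (ssid != want) return
        seen = 1
        if (wps)  { print "WPS is advertised: disable it on the router"; n++ }
        if (wpa1) { print "legacy WPA is offered: allow WPA2 only"; n++ }
        if (tkip) { print "TKIP is offered: allow AES (CCMP) only"; n++ }
        if (!rsn) { print "no WPA2 (RSN) element: network is WEP or open"; n++ }
        if (!n) print "OK"
    }
    /^BSS / { if (started) report(); started = 1
              ssid = ""; wps = wpa1 = tkip = rsn = 0; next }
    /^[ \t]*SSID: /     { sub(/^[ \t]*SSID: /, ""); ssid = $0; next }
    /^[ \t]*WPS:/       { wps = 1 }
    /^[ \t]*WPA:/       { wpa1 = 1 }
    /^[ \t]*RSN:/       { rsn = 1 }
    /ciphers?: .*TKIP/  { tkip = 1 }
    END { if (started) report(); if (!seen) print "SSID not found in scan" }
    '
}

# Run against the constructed sample; on a real system pipe the scan in instead.
printf '%s\n' "$SAMPLE_SCAN" | audit_ap "HomeNet-Old"
```

On a live system the scan is piped in, for example iw dev wlan0 scan | audit_ap "OurSSID" run as root (wlan0 is an assumed interface name). Running it again after changing the router settings should print OK.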

To further increase the security of our wireless network, we recommend you read our guide on How to configure your wireless router for a secure Wi-Fi network at home.

Conclusions


In this guide we have shown you the methods used by hackers, more or less experienced, to crack WPA / WPA2 Wi-Fi network passwords. As we showed you in the penultimate chapter, protecting yourself from this type of attack is quite simple, since the most effective method for cracking such secure networks concerns the technology that allows you to quickly connect devices (given the danger, it is better to spend time entering a password than to use WPS!).
In another guide we have shown you other methods to capture packets and spy on traffic on Wi-Fi networks. To protect ourselves effectively against any hacker threat, we recommend reading our Online Security Guide against hackers, phishing and cyber criminals.
