Make sure you use long random PW for your WiFi folks

(knows someone who knows Tom quite well) #1

A new attack has been found that makes it easier to grab credentials for brute forcing WiFi -

(Jack) #2

Always worthwhile changing from the default some routers come with, even if it seems secure.

(I'll flag any comment for 50p) #3

My username and password are admin and password.


Mine too

(Andy) #5

Interesting if not slightly old school way!

(Will flag Danny for cake) #6

My WiFi is DHSS Investigation Unit

Nobody tries to connect :smirk:

(I'll flag any comment for 50p) #7

I have all these spare SSIDs I can use. I will make swear words and stuff :joy_cat:

(Andre Borie) #8

Doesn’t look significant. This vulnerability simply removes the requirement of capturing a 4-way handshake, which honestly was never the bottleneck. This does not make it any easier to actually crack the hash, so whatever passwords you used to have are just as secure now.

@Danny I remember putting weird UTF-8 characters in spare Wi-Fi SSIDs and it was doing funny things on some devices that don’t expect special characters there (like newlines, etc). :joy:


I’ve always had my wifi network Open, got nothing to hide :wink:

(Jack) #10

Where I work there used to be a random WiFi network called GCHQ. Never found out what it was but it’s vanished now.

We also had our unrestricted access point in our IT office named “Police Servailance-Fbso32”. Since then the whole network has had an upgrade :raised_hands:

No one asked for its password :slight_smile:

(I'll flag any comment for 50p) #11

What would happen if you were to put some offensive names that could be seen from the street? Could you be found easily?

(Andre Borie) #12

Relatively easily for someone skilled (aka be able to run airodump-ng, walk around with the laptop and look at the signal strength, but apparently that means “skilled” nowadays given that anything beyond opening Facebook is considered as skilled these days).

Whether anyone who would get offended would care enough to actually pay someone to find out is another matter.

Though if you really wanted to troll you could just put the entire thing in a Raspberry Pi, a solar panel and a waterproof box and hide it somewhere. If someone were to actually pay good money to try and find out who it is they’ll be up for a disappointment.

(Michael) #13

Those Huawei 3g dongles can last quite a while and still put out a WiFi network without an SD card in. I used to have mine plugged into the car so the WiFi network was everywhere I went, was usually named something work related for some easy advertising :wink:

(Andre Borie) #14

Even smaller. :wink:

(Michael) #15

ESP8266s aren’t quite as small as that, but they are easy and cheap to get hold of and fairly easy to program. I forget I have them all around the house!


When I put emojis in my SSID, it stopped loads of devices that couldn’t render them, like my Fitbit scales, from being able to connect.
Rather than removing the emoji, I just had to create another SSID.

(knows someone who knows Tom quite well) #17

I disagree; the 4-way handshake only happens when a legit user connects to the router. That might happen regularly enough if someone is targeting you, but this allows people to pick up hashes whilst wardriving.

(Andre Borie) #18

Can’t you send deauthentication packets to force a reconnection and then capture the handshake?

(knows someone who knows Tom quite well) #19

I’d have thought so - provided there are clients to deauth. But how long would it take? Isn’t it usually a second or two if not longer?

This attack needs nothing at all - if the router is vulnerable and switched on you can grab the hash.