With most companies still having a significant work-from-home workforce, either temporarily or permanently, those networks are now your networks. Zero Trust is probably the best defense, but for most companies, Zero Trust is a future pipe dream.
So now your corporate network is extended into dozens or hundreds of employees' homes, with WiFi access points that you don't control.
A researcher in Tel Aviv decided to see how hard it would be to hack those home WiFi networks.
Ido Hoorvitch went into the city center of Tel Aviv and sampled the network hashes of 5,000 randomly selected networks.
Next he exploited a flaw that allows retrieval of a PMKID hash, which is usually generated for roaming purposes. This attack was documented by Hashcat back in 2018, and it cost him $50 in parts. The attack does not require capturing the user's login attempt and does not require connecting to the network, so it is passive in that sense. The attacker only needs to capture a single frame.
The attacker started out with 5,000 samples.
He cracked 2,200 of them using an offline brute force attack that relies on people often using their cell phone number as their password. Cracking took 9 minutes per password.
Then he upgraded to a dictionary attack. That got him another 1,359 passwords.
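To show why a phone-number password falls so fast to this offline attack while a longer random one does not, here is an added Python example (not from the researcher or the article) that derives the WPA2 PMK exactly as 802.11i does and estimates how long each password shape takes to exhaust at a given guessing rate. The Israeli mobile-number pattern, the SSID and the guessing rate are assumptions for illustration.

```python
import hashlib
import re
import string
import time

# Assumed shape of an Israeli mobile number: optional leading 0, then 5, then 8 more digits.
PHONE_RE = re.compile(r"^0?5\d{8}$")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2 Pairwise Master Key as defined in 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    Every offline guess has to pay this cost once; the SSID acts as the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def guess_keyspace(passphrase: str) -> int:
    """Approximate number of candidates an attacker must try for a password of this shape."""
    if PHONE_RE.match(passphrase):
        return 10 ** 8  # prefix is fixed, only the remaining 8 digits vary
    if passphrase.isdigit():
        return 10 ** len(passphrase)
    alphabet = 0
    if any(c.islower() for c in passphrase):
        alphabet += 26
    if any(c.isupper() for c in passphrase):
        alphabet += 26
    if any(c.isdigit() for c in passphrase):
        alphabet += 10
    if any(c in string.punctuation for c in passphrase):
        alphabet += len(string.punctuation)
    return alphabet ** len(passphrase)


def estimated_crack_seconds(passphrase: str, guesses_per_second: float) -> float:
    """Worst-case seconds to exhaust the keyspace at the given PMK derivation rate."""
    return guess_keyspace(passphrase) / guesses_per_second


def measure_local_rate(ssid: str = "HomeNet", seconds: float = 0.5) -> float:
    """Single-core PMK derivations per second on this machine (GPU rigs are far faster)."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        wpa2_pmk(f"0541{n:06d}", ssid)  # constructed phone-number-style candidate
        n += 1
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = measure_local_rate()
    for pw in ("0541234567", "correcthorse", "Tr0ub4dor&3xyz"):
        print(f"{pw:16} keyspace={guess_keyspace(pw):.2e} "
              f"days@{rate:.0f}/s={estimated_crack_seconds(pw, rate) / 86400:.1f}")
```

Scale the printed rate to an attacker's GPU throughput to see why the phone-number keyspace is a matter of minutes while a random 12-character password is not.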
A pretty simple attack, and even if it is only effective 70% of the time, that is a pretty good hacking return on investment for $50.
Once the attacker is on your network, he/she is now an insider and can proceed with trying to compromise the computers on that network, including yours.
So, bottom line, strong passwords and patching go a long way.
Note that in many cases, your employees' WiFi is provided by their ISP and that password is probably still the default. It may even be the same for all customers. I know that the one that MY ISP gave me used my last name as the password. Super secure.
Credit: Bleeping Computer