War-Driving Technique Allows Wi-Fi Password-Cracking at Scale

A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.

War-driving – the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit – can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv community — all at once.

CyberArk’s Ido Hoorvitch ran the experiment after observing that across multiple apartment moves, his neighbors’ mobile numbers turned out to also be their Wi-Fi passwords. He knew this because he asked to piggyback on the neighbors’ Wi-Fi while waiting for cable to be installed.

From there, “I hypothesized that most people living in Israel (and globally) have unsafe Wi-Fi passwords that can be easily cracked or even guessed by curious neighbors or malicious actors,” he noted, in a Tuesday blog. Well, it turns out he was right.

Walking, Sniffing & Cracking in Tel Aviv

To carry out the experiment, Hoorvitch gathered 5,000 Wi-Fi network hashes by strolling the streets in Tel Aviv with readily available, commercial Wi-Fi sniffing equipment.

His hash-sniffing rig consisted of

Read More: https://threatpost.com/war-driving-wi-fi-password-cracking/175817/