33

WPA 2 can be cracked using Aircrack-ng in Kali Linux. Is there any other security protocol for Wi-Fi which is not compromised?

RaJ
  • It's not WPA2 the algorithm that is vulnerable, it's a "feature" (WPS) that is vulnerable and therefore the one that tools like `reaver` aim for. Just disable WPS, and you are ok. – The Illusive Man Nov 22 '16 at 11:10
  • Could you be a bit more specific about why it would be cracked? What is the vulnerable point? Do you mean WPS? I am not sure everybody would agree that it is "cracked". – Anders Nov 22 '16 at 11:18
  • Not true. WPA2-PSK uses session keys that are easy to derive for other users of the network. – Marcus Müller Nov 22 '16 at 11:20
  • @MarcusMüller WPA2-PSK is not designed to protect against others who know the PSK. The fact that it does not should therefore not be taken as a sign that it is broken. – Anders Nov 22 '16 at 11:33
  • @Anders I do agree! But that's not what OP is asking. OP said she/he can "crack" WPA2 in hotspots, and I interpret that OP can sit in a Starbucks and read other people's traffic. – Marcus Müller Nov 22 '16 at 11:50
  • Define "compromise". What security goals do you have? What threats are you trying to prevent? As our [help/on-topic] explains, "Security is a very contextual topic: threats that are deemed important in your environment may be inconsequential in somebody else's, and vice versa. [...] To get the most helpful answers you should tell us: what assets you are trying to protect, who uses the asset you're trying to protect, and who you think might want to abuse it (and why), [...]" – D.W. Nov 22 '16 at 17:45
  • Just because there is a tool aimed to crack something doesn't mean that "something" is broken. You can try to brute-force any algorithm, but that doesn't mean you will succeed. – Dmitry Grigoryev Nov 23 '16 at 12:00
  • @Anders: I disagree. A cryptosystem designed with a fundamentally wrong trust model is broken even if it meets all its formal requirements - they're the wrong requirements. – R.. GitHub STOP HELPING ICE Nov 24 '16 at 00:33
  • @R This comes back to: what are your security goals? If you trust everyone using the network, then that's completely valid. – jpaugh Nov 24 '16 at 02:01
  • IMO wifi hotspots are actually safe; it is what you do while connected to said hotspot, and how secure your OS is/what you are doing while connected, that is the main concern. – NZKshatriya Nov 26 '16 at 23:37
  • Possible duplicate of [Are WPA2 connections with a shared key secure?](http://security.stackexchange.com/questions/8591/are-wpa2-connections-with-a-shared-key-secure) – Josef Nov 30 '16 at 13:17

3 Answers

96


EDIT/UPDATE 2017-10-17: This answer does not account for KRACK. That's an attack on both WPA2-PSK and WPA2-Enterprise. There are ways to detect and mitigate it, but they're not covered here.

You need to make a difference here. There are multiple things to consider. Also "WPA2" isn't precise enough – there are WPA2-PSK (pre-shared key) and WPA2-Enterprise (which relies on an external auth server).

1. The attacker wants to gain access to traffic or network, but is not in possession of the credentials to enter

Well, bad luck. WPA2, both PSK and Enterprise protect well against that, unless the credentials are easy to guess. And that's not a "brokenness" on part of the system – if you used your user name as login to a website, you really can't blame the website for being "easy to crack".

So, in this respect, WPA2 is utterly secure (as long as you don't use WPS, but your question is about hotspots, so that's pretty surely not the case).

2. The attacker is already part of the network and now wants to read other users' traffic

That's an especially relevant attack scenario for hotspots – getting access to the network might be as simple as buying a cup of coffee in cash.

So. Let's make a difference here:

2.1. Hotspot uses WPA2-Enterprise

You log on to the hotspot, proving (securely) that you know the credentials. The access point checks that in cooperation with an authentication server (802.1x). The authentication server generates a secret that is cryptographically secure enough to base your communication with the Access Point on. Every user gets a different key for encrypting their traffic. No user can spy on other users.

WPA2-enterprise is not "broken" in any sense of the word.

2.2. Hotspot uses WPA2-PSK

You log onto the access point, proving that you know the PSK. The access point generates, in cooperation with you, a secret key with which you encrypt and decrypt traffic between you and the hotspot.

Other users do the same: prove that they know (the same) PSK, then generate a secret for their traffic crypto.

So, in a first look at the system, this is just as secure as WPA2-Enterprise.

HOWEVER: Due to weaknesses in the way the user-AP secret keys are generated, it's very easy for someone who already has one of these keys (which being logged on to the cafe's AP guarantees) and knows the PSK (which every user of your favourite coffee shop does) to recover the secret user-AP key of someone else by observing but a couple of packets, totally passively.

That is a serious design flaw.

Hence, WPA2-PSK is "broken" in the sense that it doesn't protect users of a WiFi network against spying by other legitimate users of the same network. @Josef and I aren't in full agreement whether that is "by design" or really "brokenness".

In any case, what you should take away from this is: whenever you're on a WiFi that uses the same key for everyone, your traffic can be read by everyone else on the network.

Is there any other security protocol for Wi-Fi which is not compromised?

Use WPA2-Enterprise. You will need to set up an 802.1x server (typically RADIUS or something equivalent), and that can be a hassle, but if you own an Access Point and want to provide secure access to everyone, that's your only choice. And it's not that complicated, at all.

If you're just a user of a wifi, an old saying says:

  • Trust no-one else's infrastructure. Use encryption.

In other words, if you're on a network where you can't trust other users, you might as well not trust the Access Point, which has the job of deciphering your WiFi traffic...

Use a VPN whenever you're on someone else's network. That's standard etiquette.

Marcus Müller
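As an added illustration of the design property this answer describes (example code written for this page, not the answer author's): the IEEE 802.11i pairwise key derivation, run once as the legitimate station and once as a third party who knows the cafe's PSK and has seen the same handshake values. The SSID, passphrase, MAC addresses and nonces are constructed.

```python
# Added example (not from the original post) of the design property described
# above: in WPA2-PSK every input to the 802.11i PTK derivation except the PMK is
# sent in the clear during the 4-way handshake, and the PMK is fixed by passphrase
# and SSID, so any PSK holder who sees another station's handshake gets its keys.
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) blocks concatenated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK (384 bits for CCMP) from the PMK and the handshake's public parameters.
    MACs and nonces are ordered lexicographically, so AP and station agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed handshake parameters, exactly as anyone in radio range sees them.
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
SSID = "CoffeeShop"
CAFE_PASSPHRASE = "latte-macchiato"  # constructed PSK, the one printed on the cafe's menu

def station_tk() -> bytes:
    """The temporal key the legitimate station derives for its own session."""
    pmk = pmk_from_passphrase(CAFE_PASSPHRASE, SSID)
    return derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)["TK"]

def observer_tk(passphrase: str) -> bytes:
    """What a third party derives from the same public values and a passphrase."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)["TK"]

if __name__ == "__main__":
    print("PSK holder gets the station's TK:", observer_tk(CAFE_PASSPHRASE) == station_tk())
    print("without the PSK (scenario 1):     ", observer_tk("wrong-guess") == station_tk())
```

WPA2-Enterprise avoids this because the PMK is per session, delivered by the authentication server, rather than a function of a shared passphrase.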
  • "your traffic can be read by everyone else on the network." Like it is with ethernet, so while it would have been a nice addition (and a priori not very difficult), it is not necessarily broken. – njzk2 Nov 22 '16 at 15:07
  • @njzk2: "Like wired ethernet" was the goal of WEP, literally **Wired-Equivalent Privacy**. WPA is supposed to secure clients from each other; failure to do so is "broken". – Ben Voigt Nov 22 '16 at 17:04
  • @BenVoigt _WPA is supposed to secure clients from each other_ **[citation needed]** – Josef Nov 22 '16 at 21:01
  • "your traffic can be read by everyone else on the network." Is this true for all traffic? For example, when using end to end encryption (gmail), can that also be "read"? – Tracy Cramer Nov 23 '16 at 01:16
  • @TracyCramer Not in that sense. In this case "your traffic" is the raw data sent to the Wifi access point. If "your traffic" is further encrypted by another protocol, then there is yet another level to crack. – Moby Disk Nov 23 '16 at 03:36
  • Is this true for APs that have device separation? I'm guessing that it wouldn't make any difference because the data packets are obtained at layer 1, whereas device separation would be at layer 2, layer 3. – Drifter104 Nov 23 '16 at 13:39
  • Not only read, but potentially intercepted and faked too. Someone else could fake to send packages seeming to come from you. So an encryption handshake could be stolen, putting their hand in between. But if the handshake is already done and encryption established as @MobyDisk says then they would need to crack another layer. – mathreadler Nov 23 '16 at 18:50
  • @mathreadler You must do a MITM attack to steal the encryption handshake. Listening to the transmission is not sufficient. – Moby Disk Nov 24 '16 at 02:54
  • But who can be "in the middle" if the signal travels by air? There is only a "middle" if on wire. – mathreadler Nov 24 '16 at 05:06
  • @mathreadler I think you're confused... There's no "not in the middle" when the signals travel by air... you know... there's no direct wire, so anyone can communicate and "hear" the communication. Just like anyone can hear public FM radio. – Marcus Müller Nov 24 '16 at 06:10
  • Exactly. So anyone can try and mimic the signal someone else is sending while trying to confuse them to stop sending their own signal. – mathreadler Nov 24 '16 at 06:12
20

WPA 2 is not compromised.

For WPA2-PSK (pre-shared key) without WPS, only the key can be cracked using a brute-force attack or a wordlist. This can also happen offline (meaning you collect some data from a network, then crack the key without staying near that network).

If you use WPA2-PSK, use a strong key.

People who know this key to your network can read all the traffic, so you should only give that key to people you trust. If you are in a setting like a public cafe, where everyone uses the same PSK, then all these people can read your traffic.

WPA2-Enterprise with certificate authentication is even more secure. If it is implemented correctly, everyone uses a different key, so other people in the network can't read your traffic using WiFi. (But for example you can assume that someone connected to the access point using a cable still can do that!)

There is also WPS which is insecure and should be disabled. WPS has two modes. In the first, your router will give the secure WPA2 key to anyone for some time after you press a button. In the second mode, your router will give the secure WPA2 key to anyone who knows a very short number (usually 4-7 digits). So if I just try that with all numbers from 0000 to 9999 on your router, I will get your key. Disable that!

Josef
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/49019/discussion-on-answer-by-josef-how-safe-are-wi-fi-hotspots-because-wpa-2-is-comp). – Rory Alsop Nov 23 '16 at 18:31
  • There is also TKIP vs. AES that is supported by WPA/WPA2. TKIP relies on RC4 encryption and exists solely to make older WEP hardware software-upgradable to WPA/WPA2, but it's not much more secure than WEP. If all devices in a Wi-Fi network have hardware AES, then TKIP can be disabled, entirely removing the vulnerable RC4 encryption that's been broken. – penguin359 Nov 23 '16 at 21:25
  • Summary of the comments moved to chat: WPA2-PSK tries but fails to protect users that know the password from each other, by generating per-station session keys. This part *is* compromised (see Marcus's answer), so other people that already have the password can do more to your traffic than you might expect (depending on what your expectations were in the first place). WPA2-Enterprise doesn't have this flaw, which I think is what that paragraph in the answer is talking about. – Peter Cordes Nov 25 '16 at 12:21
5

If the security of your endpoint depends on the security of the transport layer or anything lower-level, you've already lost the game. Even if there were no issues in WPA2, you'd be vulnerable to a compromised or fake router. Treating the network as trusted is a fundamental mistake that creates a huge attack surface and a huge cost of attempting to maintain security.

Instead, simply treat the network as compromised and act accordingly. Use TLS (e.g. HTTPS) or similar protocols that both encrypt your traffic and prove the identity of the peer you're communicating with. Some information will leak (things like the identities of sites you're connecting to); if this is a problem there are various ways (e.g. Tor or VPNs, but the details of how you use them are important) you can address that concern.