fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Researcher Cracked 70% of WiFi Networks Sampled in Tel Aviv

Researcher Cracked 70% of WiFi Networks Sampled in Tel Aviv

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack.

CyberArk security researcher Ido Hoorvitch first wandered in the city center with WiFi sniffing equipment to gather a sample of 5,000 network hashes to use in the research.

Next, the researcher exploited a flaw that allows the retrieval of a PMKID hash, usually generated for roaming purposes.

To gather PMKID hashes, Hoorvitch used a $50 network card that can act as a monitor and a packet injection tool and sniffed with WireShark on Ubuntu, both free software.

Logging PMKID hashes on WireShark
Logging PMKID hashes on WireShark
Source: CyberArk

The PMKID hash comprises the network’s SSID, the passphrase, the MAC address, and a static integer.

PMKID hash
PMKID hash

Using a previously discovered method by Jens “atom” Steube’s (Hashcat’s lead developer), the researcher gathered PMKIDs that would be cracked to derive the password.

“Atom’s technique is clientless, making the need to capture a user’s login in real time and the need for users to connect to the network at all obsolete,” explains Hoorvitch in the report.

“Furthermore, it only requires the attacker to capture a single frame and eliminate wrong passwords and malformed frames that are disturbing the cracking process.”

At first, “mask attacks” were launched to determine if any users had set their cellphone number as their WiFi password, which is common in Israel.

Cracking such passwords would be a case of calculating all number options for Israeli phone numbers, and that’s ten digits starting with 05, so it’s only eight digits.

Using a standard laptop, the researcher cracked 2,200 passwords at an average speed of nine minutes per password using this method.

The next phase of the attack involved a standard dictionary attack, using the ‘Rockyou.txt’ dictionary.

This led to quickly cracking another 1,359 passwords, with most of them using only lower-case characters.

Total number of cracked passwords.
Total number of cracked passwords.
Source: CyberArk

Poor security practices

By following this simple and inexpensive cracking method, the researcher cracked roughly 70% of the passwords for the sampled WiFi networks.

The research shows that most people are not setting a strong password for their WiFi networks even though they are at risk of being hacked.

If your WiFi password is hacked, anyone can access your home network, change your router’s settings, and potentially pivot to your personal devices by exploiting flaws.

Good passwords should be at least ten characters long and have a mix of lower case and upper case letters and symbols and digits.

If you want a password that is easier to remember, you can try a three-word random passphrase that contains numeric or special symbols as separators.

Finally, if your router supports roaming or WPS, disable them both, as it trades security for convenience.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us