Hacking WPA3 with Mathy Vanhoef & Retia
Вставка
- Опубліковано 2 жов 2024
- WPA3 is the next generation of Wi-Fi security but that doesn't mean it's perfect. Find out how it works, and how it's already been hacked!
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → www.hakshop.com
Subscribe → www.youtube.co...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.p...
Threat Wire iTunes → itunes.apple.c...
Host: Kody → / kodykinzie
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
Woah, Kody from Nullbyte is here!!
Nice to see a familiar face on the show
Must be a old video kody has long hair now
He makes regular appearances here...
But I believe same WPA2 cracking tools don't work for WPA3 and Dos we can see it is happening but since Deauth is not there so cracking is possible ?? Or Just Brute force based on timing attack ?
Tip 1 - never join any open network.
can someone deauth me if i use macchanger?
Yes! this is what I like. Technical details
THE SAME PERSON THAT WROTE 5HE ENCRYPTION CAN UNWRITE IT the problem is the trust of humans everybody has a price
every time someone floods my router with DOS I triangulate their signal with 2 drones flying around and at the end I send my dogs after them.
How do you operate two drones at once?
@@daddyelon4577 with four hands
@@daddyelon4577 They control one and the dog controls the other.
While it is possible to use brute force on WPA3, using a 24-digit password consisting of lower und uppercase letters, numbers and special characters should still make it virtually impossible for hackers to crack your password.
Yey! Kody! Are you part of the hak5 team now?!
This isn't his first appearance
Yes, he joined hak5 😏
Great stuff, love this format. 👍
Me too. Keep it up!
Woah! Congrats to being a part of Hak5! That's huge!
This can't be Kody.
I seen him blink 😉
It's easier and harder than it's ever been. Keep making stuff.
I'm not convinced he has found a vulnerability worth worrying about
Nope... the reason the video only talks of wpa3 for the very last 10% of the video.......... GRR!!!!!
so shocking seeing blackhat footage with all the people and maskless, i know 2019 footage and was before it all went down. Really miss defcon...still waiting on more details about this year tho.
@Sec Codercould have phrased better-that footage was from 2019 (on some of the signage). Before it went down as in before covid/pandemic. Black hat is happening this year in person, and I have no idea if it did it not last year as I don't attend black hat. Defcon is happening this year in some form of part online part in person, but details are still limited.
When did you start making videos for hak5🤣
🤣🤣
About a year and a half ago!
where can you even get a wpa3 router? i have ddwrt but but it seems its bugged and it never worked for me. but does wpa3 exist for modern routers nowadays?
Router? My Aruba Instant On Accesspoints support WPA3.
AVM routers
@@logmeindog alright thats nice. yeah i know sucks about kong but still using ddwrt for those custom iptables firewall rules
just installed openwrt on a xiaomi ac2100. can set wpa3 security too.
@@logmeindog Hey does WPA3 2019 vulnerabilities has been patched yet?
And what were you talking about downgrade attacks?isnit possible when using Mixed type of network?..or WPA3 is inherited from WPA2??
Nice to see you never blink in hack5.
4:58 You cannot freaking leak my router password that way.
Тут специально показан бред. Потому что wifi ломается по другому.
Great video with lots of info. To sum this up, there’s no real point using wp3 yet as it’s still vulnerable. Hard wire everything that needs a steady connection I guess.
Why not just have a set wait to respond timeout? Instead of forcing the 40 iteration calculations. That way you don’t need to compute, just waiting to respond as if you did.
What do you mean
You can't , what if the password is too long and needs a lot of iterations? the response time might be more than what it's limited to therefore this is not applicable.
You can't , what if the password is too long and needs a lot of iterations? the response time might be more than what it's limited to therefore this is not applicable.
Can i get the Link to white paper please to understand vulnerability even better.
Yes kody keep it going bro 😎
Easy Peasy. Simply create an evil twin Wi-Fi that has a higher signal strength then the original router, most of all PCs and Smart phones keep a Wi-Fi password list for a quick connection to the network. Personally haven't tried it, sounds feasible however.
Nullbyte nice to see you here too
wouldn't it just be better to do the minimal amount of iterations, and then just sleep the remaining time (so just specify the handshake to take say 250ms)?
that way the multiple auths won't overload the routers as sleeping shouldn't take resources...
Right?? Timing attacks are incredibly easy to patch, I'm sure they've thought about that but this video doesn't sufficiently explain why timing attacks "can't" be prevented.
@@henrycook859 1 added bonus the AP will leak less information whether the auth was successful or not... when they always takes 250ms.
Можно просто слушать эфир и перехватить рукоподатия. Все это полный бред.
Hackers are like Hah this update is lol
Hak5 bringing the hacking family together since 2005
Тут полный бред. Так wifi не ломается.
wpa2 seems fine just require 25 character passwords and a certain amount of entropy it already requires at least 8 chars anyway problem solved
true, my password is 25 digit, totally non dictionary
I Have 20 chars pass unique pass and they still hacked my device i dont know how in wpa2 ,they controled my car in Asphalt 9 on the Nintendo switch ,unbelivable
@@adinasa8668 Probably you were infected with a key logger?
Достаточно иметь хороший пароль. И ни кто не взломает.
I just block the original network and make a clone of that network and capture the password with my cloned host..o think that will work
Can’t block it in wpa3
@@francoisleveque145 what about jamming?? With node mcu
@Sec Coder if you do an evil twin and can’t deauth the first network there will be 2 access point with same essid
@Sec Coder yes the concept is same im talking about doing it manually and you are about automation with wifite
@Sec Coder i write my own tool it will work with high computing power, if wp3 is not blockable then its a security issues already,, think deeply
Great stuff, thanks for the presentation.
What's with the season and episode numbering? We skipped 29x02, then the thumbnail for this says 26x14? I try to keep an accurate backup of Hak5 (among others) in case the world ends is all...
We uploaded this a longggggg time ago, with the pandemic we put production on hold for awhile.
@@retiallc ah, was just curious. Thank you, also good video.
I have these protocals -
- wep
- wpa2
- wpa2 mixed
- wpa3
- wpa2/wpa3 mixed
Wich one is the best and strong?
Plzz help!!
I heard a rumor that the next gen Iphone will use a random MAC as a client, and use a diff MAC for the next AP, and so on.
Most devices already have this capability.
Android does this already
3:22 My understanding is with perfect forward secrecy their not learning your “password” as its never exchanged via the handshake. They would capture the session key but that keys is temp. ?
Sorry for late comments.
Would mac address allow, for my list, hinder this DDOS?
should i buy macbook air with 8 gb ram and 256 gb of storage for network engineer and can you suggest for for this please
802.11w came before WPA3. de-auth for client and encrypting de-auth or disassociate is defined in 11w . But in wpa3 made compulsory to support. Where as made as optional. WPA3 defined protecting in more complex authentication process ( now 4 handshake ) before it was 2 way authentication handshake in wpa2
It's pronounced "vpa-3" not double you we pee a three
Thx for the content. Do we have any tool that do these attacks. Any proof of concept?
i guess only thing we can do is PHISH which has always been best way
Oooohhh Darren... Smooorseee... ok I accept change... 'blink blink' thanks for the video and info
Ohhh
nullbyte in Hak5
Why can't wifi work like TLS to change some keys, the operate normally?
hi, very nice, but what does that iteration mean? 5:10
Why don’t wireless devices just use SSL?
WAIT WAIT ....... He is a man but talks like a little girl. Watch his mannerisms. That's a girl
You paying attention to another man's mannerisms when the video is about WPA3 sounds sus to me
What about capturing the hand shake
Полный бред. Ни кто не подбирает пароль к самому роутеру.
Good to know. Thanks for sharing
is that Vegas talk Pre Corona?
Hi
Does a device that support wpa2 could connect to wpa3 access point without updating the firmware in the client side?
From what i can gather both of them have to support the same standard. So for a device only with WPA2 the access point would also have to support WPA2 for the device to be able to connect. For WPA3 i do suggest waiting for the finalized version of it before you go update your firmware to support it. To many changes made right now to say that it would be a good idea to do so as it might become incompatible with the released version of WPA3.
0:30 is it hacked twice or 3 times? LOL
nullByte being God Every time ...... even with HAK5
Black Hat Seagale are godplace
is this reuploaded
Nullbyte is awesome!!!
I'm confused. Why do a bunch of nonsense work that could mess with lightweight devices rather than just wait a fixed amount of time to respond? If the response takes longer, it could still leak some info, but much less than before.
Ломается это по другому.
Hello !!! Can you reduce yours talking. Such boring ..... Give tips and commands to us ...it's fine👍and this vedio without talking is 2-3 min😂
I was never this early.
bro. Blink
NullByte 😊
I just don't use Wi-Fi or Bluetooth anymore at all. Imo they are no longer to be trusted mic drop
for house lights/no-risk automation, no prob. For anything sensitive, wired is just better anyways for reliability and performance!!
40 iterations? Lol... Why not random time delay?
Tutorial?🙂🙂🙂
@XOSPHERE GAMING ☹️☹️☹️
@XOSPHERE GAMING ya, bro..
Waiting for wpa4
For next 25 years🙏
HELLO IM FIRST
lol nobody cares
@@sylae_music Don't listen to him bro I care
Correct - The first loser.
oh no, this website leaked into the hak5 channel, at least this video is very unlike theirs, which is good
What's at risk if one were to simply commit to whitelist every approved device to a network, besides the time and maintenance to make sure the list is up to date? would the connection be secure and then it'd fall upon the device that's connected to make sure it isn't comprimised?
MAC filtering uses this concept. The connection would be secure, but it also isn't terribly difficult to spoof whitelisted device IDs, actually providing a method of entry. A capture of network packets would reveal the MAC addresses of whitelisted devices, giving an attacker exactly what they need to breach your network.
Null byte!?!?!?