I read an article on physx that says WPA2 has some vulnerability in the deauthentication. The article is here: WPA2 wireless security cracked The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords. However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder. They also point out that while restricting network access to specific devices with a given identifier, their media access control address (MAC address), these can be spoofed. It references a paper "Exposing WPA2 security protocol vulnerabilities" but it looks like it's pay to download. Has WPA2 security actually been cracked? I am still using WPA myself.
I'm not sure. They also state that WPA2-CCMP is stronger than WPA2-TKIP, but they don't say whether these vulnerabilities are in both alternatives. About WPA, afaik it was previously considered secure unless it's TKIP mode.
The only protection for WPA2 is still the same, use 63 characters long password with all symbols and change it regularly, you do not need to remember it, so no problem.
I do need to remember it!!!!! Many of my friends and family's often comes and vizit me and they want the security code for their mobile phones, so they can surf and talk on the app Viber with other's. How can i give them a 63 long password to them? Is there any other possible ways to secure this issue with WpA2 ?
It most certainly does NOT need to be 63 characters long. 30 characters alone would take years to crack.
I think the article refers to the known TPIK potential vulnerability (brute force) but this, as far as I know, does not apply to AES. But it would be interesting to read the full article.
How about a measure of reality? No one is going to sit outside your window and spend hours hacking you. If they do, you can always bring them coffee. P.S. All them suburbian families are such badasses. Mrk
Assuming your custom key is not "123456" you should be OK. Change it often. Ask your ISP for assistance if necessary. How to change my wireless network security password (WPA2 key) *As provided by my ISP* - Yours will be different - http://support.bell.ca/internet/con...y-wireless-network-security-password-wpa2-key
all you need is to sniff handshakes then submit what you got over there :https://www.cloudcracker.com/
Wow, something that uses password authentication can be brute forced!? News story of the year... It would probably just be easier to walk up to your house when you are asleep/not home and insert a device into the line that brings internet into your house and capture the traffic that way. Probably really easy if coax is involved.
