WPA / WPA2 Cloud Cracking

Author: Martin Voelk
February 17, 2016

In a recent Pentesting engagement for a client we came across across a large WPA2 PSK deployment with 6 different SSIDs. As the customer used generic SSID names such as VOIP-5GHz and INTERNAL-STAFF, which do not allow to trace the customer back, we decided to try one of those numerous Cloud cracking services.

The results were stunningly good. Out of 6 WPA2 handshakes 4 were cracked (incl. the most important ones). Funnily enough the secured GUEST Network wasn’t crackable with a rainbow attack.

https://www.cloudcracker.com

This highlights the danger of WPA/WPA2 PSK once again. The key is only as secure as the complexity. We advice Enterprise RADIUS multi factor authentication with client site certificates and preferably RSA tokens instead.

 

Share
 

Comments are closed.