Israeli Researcher War Driving Study Survey Shows Old WIFI Security Exploited But Hampered By Strong Passwords

Bleeping Computer reported on a WIFI cracking survey in Israel that sniffed router passwords around Tel Aviv using an old exploit. The researcher used a network card, the free Wireshark app, Ubuntu, and a vulnerability that has been publicly known since 2018.

This vulnerability only works with WPA/WPA2-PSK on routers set to allow roaming. That combination is known to allow retrieval of a PMKID hash, which is usually generated for roaming purposes. Serious hackers have state-of-the-art password cracking hardware with the latest fast graphics processors, which makes cracking weak passwords in a few hours likely trivial. That a 3-year-old vulnerability still works is not that incredible, since lots of people use old routers, and likely old encryption methods.

The 70% figure seems unusually high and probably skewed upwards. The researcher said that using cell phone numbers as a WIFI password is common in Israel. (OK. Not smart.) The other passwords were cracked using the ‘Rockyou.txt’ dictionary attack; they were easily cracked because they consisted mostly of lowercase passwords.

And this is a proximity attack. While that might make sense for high-value targets located in densely populated areas, or even in business parks or around local government or NGO offices still using old legacy equipment, it requires the attacker to drive close enough to pick up a signal (remember wardriving?).

**There are a few lessons here.** If your router is still using WPA/WPA2-PSK, it’s time to get a new router or change your encryption method to WPA/WPA2-Enterprise or WPA3 (if compatible with your network), since they are not affected by this roaming vulnerability.

  1. Use strong passwords that are not subject to dictionary attacks. The article suggests a three-word random passphrase with numeric or special symbols as separators. Don’t use commonly known combinations such as car models, birthdays, or pet names. Use a few phrases, separated by special characters, made up of something only you know.
  2. Make sure you’re using a router or encryption protocol that is not vulnerable, like WPA/WPA2-Enterprise or WPA3 if your network is compatible.
  3. Always be vigilant for social engineering red flags.
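As an added illustration of lesson 1 (this is not code from the article or the researcher), the block below derives a WPA2 PMK the way 802.11i specifies it, which is the fixed cost of every offline guess once a PMKID has been captured, generates a three-word passphrase with numeric/special separators, and estimates how long exhausting different password policies would take. The word list, separator set, the "8 free digits" mobile-number model and the guessing rate are assumptions for the example.

```python
import hashlib
import math
import secrets

# Constructed mini word list for demonstration; a real generator would use a large
# list (e.g. the 7776-word EFF diceware list). Only the list SIZE drives the entropy.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "gravel", "harbor"]
SEPARATORS = "0123456789!#$%&*+-=?@"  # numeric or special separators, as the article suggests


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK derivation from IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt.
    This is the fixed cost of every offline guess against a captured PMKID, so the
    passphrase's guess-space is the only thing the defender controls."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def generate_passphrase(words: int = 3, wordlist=WORDLIST) -> str:
    """Random words joined by random numeric/special separators (CSPRNG-backed)."""
    parts = [secrets.choice(wordlist) for _ in range(words)]
    return "".join(p + secrets.choice(SEPARATORS) for p in parts[:-1]) + parts[-1]


def passphrase_bits(words: int, wordlist_size: int, separator_choices: int) -> float:
    """Entropy in bits: each word and each separator is an independent uniform choice."""
    return words * math.log2(wordlist_size) + (words - 1) * math.log2(separator_choices)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole guess-space at the given rate (the rate is an assumption)."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1_000_000  # assumed offline rate for a GPU rig on PBKDF2/4096; adjust for your threat model
    policies = {
        # 10-digit mobile number with a known 2-digit prefix: 8 free digits (assumption)
        "mobile number": math.log2(10 ** 8),
        "8 random lowercase letters": 8 * math.log2(26),
        "3 diceware words + separators": passphrase_bits(3, 7776, len(SEPARATORS)),
    }
    for name, bits in policies.items():
        print(f"{name:32s} {bits:5.1f} bits  ~{years_to_exhaust(bits, RATE):.2e} years")
    print("example passphrase:", generate_passphrase())
    print("PMK:", wpa2_pmk("password", "IEEE").hex())  # 802.11i published test vector
```

Real leaked passwords are far from uniformly random, which is why a lowercase-heavy set falls to a dictionary like Rockyou much faster than the "8 random letters" line suggests; the passphrase line is the only one where the estimate holds as written.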

Read the Bleeping Computer story here.


Some History
On August 4, 2018, a new method to exploit a known vulnerability was announced by Jens Steube from the Hashcat project for wireless networks that use WPA1/WPA2-PSK (pre-shared key), allowing attackers to obtain the PSK being used for the particular SSID.

The vulnerability affected most wireless vendors using roaming technologies, including Cisco Meraki, and targets information exchanged between the client and AP via management frames during roaming inherent in the 802.11 protocol. Customers using Meraki APs are vulnerable if using fast roaming (802.11r) with PSK.
