Nowadays, with the great impact of Covid 19, the remote working model has entered our lives. It has become very difficult to control employees and ensure their digital security within the scope of cyber security.
How secure is your employees' home internet?
The answer to this question will be the same wherever you go in the world. “What can happen to our internet that we use at home, and what will be the effect on us as a result?”
A researcher has managed to crack 70% of 5,000 WiFi network samples in his hometown of Tel Aviv to prove that home networks are extremely insecure and easy to hack.
Security researcher Ido Hoorvitch first drove around the city center with WiFi sniffing equipment to collect 5,000 WiFi network samples for research use.
Next, the researcher exploited a flaw that allowed a PMKID hash value to be retrieved, which is usually generated for roaming purposes. To collect PMKID hashes, Hoorvitch used a$50 network card that could function as a monitor and packet injection tool, and sniffed with WireShark on Ubuntu, both of which are free software.
PMKID hash; It contains the network’s SSID, password, MAC address, and a static integer.
At first, it launched a “mask attack”, common in Israel, to determine if any user had set their mobile phone number as their Wi-Fi password. Cracking such passwords can be a case of calculating all number options for Israeli phone numbers and if it starts with 05 it is ten digits, the original will be only eight digits.
Using this method with a standard laptop, the researcher cracked 2,200 passwords at an average rate of nine minutes per password.
The next phase of the attack involved a standard dictionary attack using the ‘Rockyou.txt’ dictionary. This resulted in a faster cracking of 1,359 passwords using only lowercase characters.
Conclusion
Following the simple and easy cracking method, the researcher cracked 70% of the passwords of the WiFi networks he sniffed.
Research shows that most employees do not set a strong password for WiFi networks even if they are at risk of being hacked.
If your WiFi password is hacked;
• Anyone can access your home network,
• It can change modem settings and potentially hijack your personal and corporate devices by exploiting flaws.
For a secure home network;
• Good passwords should be at least ten characters long ,
• It should consist of lowercase and uppercase letters, symbols and numbers.
If you want an easier-to-remember password, a random three-word password with numeric or special symbols you can try.
Finally, if your modem supports WPS, it may be recommended to disable it for convenience as it is not a secure feature.
KVKK, ISO 27001, Bilgi ve İletişim Güvenliği Rehberi, ISO 27701, Bilgi Güvenliği, Siber Güvenlik ve Bilgi Teknolojileri konularında destek ve teklif almak için lütfen