WiFi Hacking & Security

From WEP's catastrophic weakness to WPA3's SAE handshake, WiFi security has evolved through constant cat-and-mouse. The KRACK attack against WPA2 showed that even 'secure' protocols can have fundamental flaws.

Period1997-Present

WEP: A Catastrophic Design

Wired Equivalent Privacy (WEP) was the original 802.11 security protocol. Its use of RC4 with a weak IV (24 bits) and concatenation instead of proper mixing made it trivially crackable within minutes. By 2001, publicly available tools could crack WEP in seconds.

WPA: TKIP Temporarily Saves Us

Wi-Fi Protected Access (WPA) introduced the Temporal Key Integrity Protocol (TKIP), which used per-packet key mixing and a larger IV. While more secure than WEP, TKIP was later found vulnerable and is now deprecated.

WPA2: The Long Reign

WPA2, using AES-CCMP, became the standard for 14 years. It provided strong encryption for home and enterprise networks. The only practical attack was brute-forcing weak passwords—which required capturing and cracking the 4-way handshake.

KRACK: Breaking WPA2

In 2017, Mathy Vanhoef discovered Key Reinstallation Attacks (KRACK). The vulnerability was in the 4-way handshake itself—when a client reconnects after losing connection, it reinstalls the same key, allowing an attacker to replay, decrypt, and forge packets.

WPA3: The New Standard

WPA3 introduces Simultaneous Authentication of Equals (SAE), a password-based key exchange that's resistant to dictionary attacks. It also features 192-bit security suites for enterprise, and Opportunistic Wireless Encryption (OWE) for open networks.

Timeline

1997WEP introduced with 802.11RC4 encryption, easily cracked
2001WEP cracked - Fluhrer, Mantin, Shamir attack
2003WPA (TKIP) introduced
2004WPA2 (AES-CCMP) finalized
2007WPA2 fully adopted in 802.11n
2017KRACK attack announcedKey Reinstallation AttaCKs
2018WPA3 announcedSimultaneous Authentication of Equals (SAE)
2019WPA3 certified products available