WiFi Hacking & Security
From WEP's catastrophic weakness to WPA3's SAE handshake, WiFi security has evolved through constant cat-and-mouse. The KRACK attack against WPA2 showed that even 'secure' protocols can have fundamental flaws.
WEP: A Catastrophic Design
Wired Equivalent Privacy (WEP) was the original 802.11 security protocol. Its use of RC4 with a weak IV (24 bits) and concatenation instead of proper mixing made it trivially crackable within minutes. By 2001, publicly available tools could crack WEP in seconds.
WPA: TKIP Temporarily Saves Us
Wi-Fi Protected Access (WPA) introduced the Temporal Key Integrity Protocol (TKIP), which used per-packet key mixing and a larger IV. While more secure than WEP, TKIP was later found vulnerable and is now deprecated.
WPA2: The Long Reign
WPA2, using AES-CCMP, became the standard for 14 years. It provided strong encryption for home and enterprise networks. The only practical attack was brute-forcing weak passwords—which required capturing and cracking the 4-way handshake.
KRACK: Breaking WPA2
In 2017, Mathy Vanhoef discovered Key Reinstallation Attacks (KRACK). The vulnerability was in the 4-way handshake itself—when a client reconnects after losing connection, it reinstalls the same key, allowing an attacker to replay, decrypt, and forge packets.
WPA3: The New Standard
WPA3 introduces Simultaneous Authentication of Equals (SAE), a password-based key exchange that's resistant to dictionary attacks. It also features 192-bit security suites for enterprise, and Opportunistic Wireless Encryption (OWE) for open networks.