HOWTO : Protect from being attacked by PMKID attack

On Aug 04, 2018, the developer of hashcat discovers a new way to attack WPA/WPA2 Wifi, namely PMKID attacks, when he is going to find a new way to attack new WPA3. This attack requires no Wifi user attached to the Wifi router and no need 4-way handshake. Meanwhile, almost all modern Wifi routers are vulnerable to this attack.



I conducted a quick test on my living area recently and found all Wifi routers (including mine) are vulnerable to this attack. If working with hashcat and/or good dictionaries properly, the WPA PSK (pre-Shared Key) password can be obtained without any problem.



Comes to the conclusion, WPA2 is no longer safe!



However, we can protect our Wifi by following methods :



(1) Make the WPA PSK password as complex and as long as possible (mine is 26 characters long);

(2) Make sure the WPA PSK password cannot be found in the available dictionaries (such as rockyou);

(3) Make sure your Wifi router can prevent ARP spoofing (Address Resolution Protocol) or apply MAC address filtering when possible;

(4) If possible, change your WPA PSK password at least once a month; and

(5) Keep your Wifi signal as weak as possible. Yes, makes it as weak as possible.



Reference



[1] New attack on WPA/WPA2 using PMKID

[2] Youtube PMKID attack Demo



That's all! See you.