Hacking WPA3 with Mathy Vanhoef & Retia

Подписаться 924 тыс.

Просмотров 66 тыс.

50% 1

WPA3 is the next generation of Wi-Fi security but that doesn't mean it's perfect. Find out how it works, and how it's already been hacked!
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → www.hakshop.com
Subscribe → ru-vid.com...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
Host: Kody → / kodykinzie
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.

Наука

Опубликовано:

21 апр 2021

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 125

@MrKristian252 3 года назад

Woah, Kody from Nullbyte is here!! Nice to see a familiar face on the show

@JohnDoe-wi7eb 3 года назад

Must be a old video kody has long hair now

@harshilshah980 3 года назад

He makes regular appearances here...

@ankit168 2 года назад

But I believe same WPA2 cracking tools don't work for WPA3 and Dos we can see it is happening but since Deauth is not there so cracking is possible ?? Or Just Brute force based on timing attack ?

@pewcfpv8056 3 года назад

Woah! Congrats to being a part of Hak5! That's huge!

@tomf00lery 3 года назад

Great stuff, love this format. 👍

@devtar-gaming 3 года назад

Me too. Keep it up!

@funguy4290 2 года назад

It's easier and harder than it's ever been. Keep making stuff.

@doodmonkey 3 года назад

Great stuff, thanks for the presentation.

@user-md1jg6vj1r 3 года назад

Yes! this is what I like. Technical details

@subliminal9535 3 года назад

THE SAME PERSON THAT WROTE 5HE ENCRYPTION CAN UNWRITE IT the problem is the trust of humans everybody has a price

@serversC13nc3 3 года назад

Nice to see you never blink in hack5.

@mizdebsk Год назад

every time someone floods my router with DOS I triangulate their signal with 2 drones flying around and at the end I send my dogs after them.

@daddyelon4577 5 месяцев назад

How do you operate two drones at once?

@antiimperialista Месяц назад

@@daddyelon4577 with four hands

@50crowley 18 дней назад

@@daddyelon4577 They control one and the dog controls the other.

@ghosttech9921 3 года назад

Tip 1 - never join any open network.

@a21123 2 месяца назад

can someone deauth me if i use macchanger?

@netoeli 3 года назад

Hak5 bringing the hacking family together since 2005

@chertopoloh170 2 года назад

Тут полный бред. Так wifi не ломается.

@chipko 3 года назад

Yey! Kody! Are you part of the hak5 team now?!

@ricseeds4835 3 года назад

This isn't his first appearance

@TheRealKitWalker 2 года назад

Yes, he joined hak5 😏

@TechTutorialsDavidMcKone 3 года назад

Good to know. Thanks for sharing

@HousewerkRecords Год назад

Great video with lots of info. To sum this up, there’s no real point using wp3 yet as it’s still vulnerable. Hard wire everything that needs a steady connection I guess.

@sontodosnarcos Год назад

While it is possible to use brute force on WPA3, using a 24-digit password consisting of lower und uppercase letters, numbers and special characters should still make it virtually impossible for hackers to crack your password.

@An.Individual 3 месяца назад

I'm not convinced he has found a vulnerability worth worrying about

@mikeharborson1901 3 месяца назад

Nope... the reason the video only talks of wpa3 for the very last 10% of the video.......... GRR!!!!!

@raghavendra5698 Год назад

802.11w came before WPA3. de-auth for client and encrypting de-auth or disassociate is defined in 11w . But in wpa3 made compulsory to support. Where as made as optional. WPA3 defined protecting in more complex authentication process ( now 4 handshake ) before it was 2 way authentication handshake in wpa2

@hb3643 Год назад

Thx for the content. Do we have any tool that do these attacks. Any proof of concept?

@cajay4825 3 года назад

Can i get the Link to white paper please to understand vulnerability even better.

@_unkn0wn._ 3 года назад

Yes kody keep it going bro 😎

@johanwennerberg1923 Год назад

Sorry for late comments. Would mac address allow, for my list, hinder this DDOS?

@FunMaxClub 2 года назад

should i buy macbook air with 8 gb ram and 256 gb of storage for network engineer and can you suggest for for this please

@pi1392 3 года назад

is that Vegas talk Pre Corona?

@khari83637 Год назад

3:22 My understanding is with perfect forward secrecy their not learning your “password” as its never exchanged via the handshake. They would capture the session key but that keys is temp. ?

@unknownanonymous4735 2 года назад

hi, very nice, but what does that iteration mean? 5:10

@davidg4512 3 года назад

Why can't wifi work like TLS to change some keys, the operate normally?

@OftFilms 3 года назад

Nullbyte nice to see you here too

@mysterychemical 2 года назад

4:58 You cannot freaking leak my router password that way.

@chertopoloh170 2 года назад

Тут специально показан бред. Потому что wifi ломается по другому.

@userou-ig1ze 3 года назад

Oooohhh Darren... Smooorseee... ok I accept change... 'blink blink' thanks for the video and info

@philipm1896 3 года назад

This can't be Kody. I seen him blink 😉

@kristoffseisler2163 3 года назад

where can you even get a wpa3 router? i have ddwrt but but it seems its bugged and it never worked for me. but does wpa3 exist for modern routers nowadays?

@Bierkameel 3 года назад

Router? My Aruba Instant On Accesspoints support WPA3.

@user-md1jg6vj1r 3 года назад

AVM routers

@kristoffseisler2163 3 года назад

@@logmeindog alright thats nice. yeah i know sucks about kong but still using ddwrt for those custom iptables firewall rules

@forgottenone1973 3 года назад

just installed openwrt on a xiaomi ac2100. can set wpa3 security too.

@wildyato3737 2 года назад

@@logmeindog Hey does WPA3 2019 vulnerabilities has been patched yet? And what were you talking about downgrade attacks?isnit possible when using Mixed type of network?..or WPA3 is inherited from WPA2??

@juliettaylorswift 3 года назад

so shocking seeing blackhat footage with all the people and maskless, i know 2019 footage and was before it all went down. Really miss defcon...still waiting on more details about this year tho.

@juliettaylorswift 3 года назад

@Sec Codercould have phrased better-that footage was from 2019 (on some of the signage). Before it went down as in before covid/pandemic. Black hat is happening this year in person, and I have no idea if it did it not last year as I don't attend black hat. Defcon is happening this year in some form of part online part in person, but details are still limited.

@vidhuchawla-indietrigg8000 Год назад

I have these protocals - - wep - wpa2 - wpa2 mixed - wpa3 - wpa2/wpa3 mixed Wich one is the best and strong? Plzz help!!

@TheErraticTheory 2 года назад

Why not just have a set wait to respond timeout? Instead of forcing the 40 iteration calculations. That way you don’t need to compute, just waiting to respond as if you did.

@f.3850 Год назад

What do you mean

@hcr1 3 года назад

Hi Does a device that support wpa2 could connect to wpa3 access point without updating the firmware in the client side?

@yumri4 3 года назад

From what i can gather both of them have to support the same standard. So for a device only with WPA2 the access point would also have to support WPA2 for the device to be able to connect. For WPA3 i do suggest waiting for the finalized version of it before you go update your firmware to support it. To many changes made right now to say that it would be a good idea to do so as it might become incompatible with the released version of WPA3.

@jasonpitts8395 3 года назад

I heard a rumor that the next gen Iphone will use a random MAC as a client, and use a diff MAC for the next AP, and so on.

@sethadkins546 2 года назад

Most devices already have this capability.

@RedPill420 2 года назад

Android does this already

@BlaMurda 3 года назад

What's with the season and episode numbering? We skipped 29x02, then the thumbnail for this says 26x14? I try to keep an accurate backup of Hak5 (among others) in case the world ends is all...

@retiallc 3 года назад

We uploaded this a longggggg time ago, with the pandemic we put production on hold for awhile.

@BlaMurda 3 года назад

@@retiallc ah, was just curious. Thank you, also good video.

@kentharris7427 25 дней назад

Easy Peasy. Simply create an evil twin Wi-Fi that has a higher signal strength then the original router, most of all PCs and Smart phones keep a Wi-Fi password list for a quick connection to the network. Personally haven't tried it, sounds feasible however.

@chamodsachintha3095 3 года назад

Ohhh nullbyte in Hak5

@jimgrayson4828 Год назад

What about capturing the hand shake

@SpectralAI 3 года назад

Why don’t wireless devices just use SSL?

@mallubot7074 3 года назад

is this reuploaded

@omkhard1833 3 года назад

nullByte being God Every time ...... even with HAK5

@omkhard1833 3 года назад

Black Hat Seagale are godplace

@katanasteel 3 года назад

wouldn't it just be better to do the minimal amount of iterations, and then just sleep the remaining time (so just specify the handshake to take say 250ms)? that way the multiple auths won't overload the routers as sleeping shouldn't take resources...

@henrycook859 2 года назад

Right?? Timing attacks are incredibly easy to patch, I'm sure they've thought about that but this video doesn't sufficiently explain why timing attacks "can't" be prevented.

@katanasteel 2 года назад

@@henrycook859 1 added bonus the AP will leak less information whether the auth was successful or not... when they always takes 250ms.

@chertopoloh170 2 года назад

Можно просто слушать эфир и перехватить рукоподатия. Все это полный бред.

@CallMeKRSNA Год назад

Hackers are like Hah this update is lol

@mattymooo100 3 года назад

Nullbyte is awesome!!!

@themtg5151 3 года назад

When did you start making videos for hak5🤣

@robertopacheci3724 3 года назад

🤣🤣

@retiallc 3 года назад

About a year and a half ago!

@icanfixit1553 3 года назад

i guess only thing we can do is PHISH which has always been best way

@vladimirmuzik8648 3 года назад

I was never this early.

@obscenity 3 года назад

oh no, this website leaked into the hak5 channel, at least this video is very unlike theirs, which is good

@StarkThure 3 года назад

Waiting for wpa4

@wildyato3737 2 года назад

For next 25 years🙏

@grandmakisses9973 3 года назад

Null byte!?!?!?

@matthewpepperl 3 года назад

wpa2 seems fine just require 25 character passwords and a certain amount of entropy it already requires at least 8 chars anyway problem solved

@matldn2697 3 года назад

true, my password is 25 digit, totally non dictionary

@adinasa8668 3 года назад

I Have 20 chars pass unique pass and they still hacked my device i dont know how in wpa2 ,they controled my car in Asphalt 9 on the Nintendo switch ,unbelivable

@matldn2697 3 года назад

@@adinasa8668 Probably you were infected with a key logger?

@chertopoloh170 2 года назад

Достаточно иметь хороший пароль. И ни кто не взломает.

@irukard 3 года назад

40 iterations? Lol... Why not random time delay?

@InfiniteQuest86 2 года назад

I'm confused. Why do a bunch of nonsense work that could mess with lightweight devices rather than just wait a fixed amount of time to respond? If the response takes longer, it could still leak some info, but much less than before.

@chertopoloh170 2 года назад

Ломается это по другому.

@hellofriend3091 3 года назад

I just block the original network and make a clone of that network and capture the password with my cloned host..o think that will work

@francoisleveque145 3 года назад

Can’t block it in wpa3

@hellofriend3091 3 года назад

@@francoisleveque145 what about jamming?? With node mcu

@francoisleveque145 3 года назад

@Sec Coder if you do an evil twin and can’t deauth the first network there will be 2 access point with same essid

@hellofriend3091 3 года назад

@Sec Coder yes the concept is same im talking about doing it manually and you are about automation with wifite

@hellofriend3091 3 года назад

@Sec Coder i write my own tool it will work with high computing power, if wp3 is not blockable then its a security issues already,, think deeply

@upup5133 3 года назад

0:30 is it hacked twice or 3 times? LOL

@timbrown805 Год назад

I just don't use Wi-Fi or Bluetooth anymore at all. Imo they are no longer to be trusted mic drop

@mikeharborson1901 3 месяца назад

for house lights/no-risk automation, no prob. For anything sensitive, wired is just better anyways for reliability and performance!!

@heysuvajit 3 года назад

NullByte 😊

@TechnicalHeavenSM 3 года назад

Tutorial?🙂🙂🙂

@TechnicalHeavenSM 3 года назад

@XOSPHERE GAMING ☹️☹️☹️

@TechnicalHeavenSM 3 года назад

@XOSPHERE GAMING ya, bro..

@chertopoloh170 2 года назад

Полный бред. Ни кто не подбирает пароль к самому роутеру.

@BurkenProductions 2 года назад

It's pronounced "vpa-3" not double you we pee a three

@evengraintech1397 2 года назад

bro. Blink

@_unkn0wn._ 3 года назад

HELLO IM FIRST

@sylae_music 3 года назад

lol nobody cares

@retiallc 3 года назад

@@sylae_music Don't listen to him bro I care

@ArthurTugwell 3 года назад

Correct - The first loser.

@ArulKumarJAKj 3 года назад

Hello !!! Can you reduce yours talking. Such boring ..... Give tips and commands to us ...it's fine👍and this vedio without talking is 2-3 min😂

@DarinCates 2 года назад

WAIT WAIT ....... He is a man but talks like a little girl. Watch his mannerisms. That's a girl

@RedPill420 2 года назад

You paying attention to another man's mannerisms when the video is about WPA3 sounds sus to me

@HornyGrandma Год назад

What's at risk if one were to simply commit to whitelist every approved device to a network, besides the time and maintenance to make sure the list is up to date? would the connection be secure and then it'd fall upon the device that's connected to make sure it isn't comprimised?

@triggermike420 Год назад

MAC filtering uses this concept. The connection would be secure, but it also isn't terribly difficult to spoof whitelisted device IDs, actually providing a method of entry. A capture of network packets would reveal the MAC addresses of whitelisted devices, giving an attacker exactly what they need to breach your network.