We just called it "wardriving" back in the day. When I was a kid, we squatted an abandoned 10 story apartment building. We had the WEP keys for every network in cantenna range. If a network wasn't available for some reason, just had to re-aim the can on the tripod.
I remember wardriving in my small town like 20 years ago and noone's wifi was protected. Then I went to film school in LA in 2008-ish and EVERYONE's wifi was protected and someone was like "yea, everyone has screenplays and scripts on their computers and they are worth millions potentially". Made sense they were more up to date.
Definitely an eye-opener on Wi-Fi security. Time to double-check my password setup and perhaps even consider separating my IoT devices from my main network. Thanks for the insights.
Realized that not only am I using the standard password but also that the back of my router is against a window. So the password is clearly visible from outside 😂
I am not too worried about that because one wouldn't be able to get close enough to our house to receive our Wi-Fi signal without breaking into our property - which is secured with CCTV and an alarm. And we mostly use LAN anyways.
You forgot WPS and Man-In-The-Middle attacks, when you force a device to make a handshake with your fake Access Point. You clone the Access Point characteristics, then you wait for a Handshake (or you send a disconnect signal) and you have the key.
Damn WPS is ridiculous. If I recall correctly, it's a set of 8 characters that you can split in two and validate two sets of 4 chars instead of 8. To top it off, the last character is a CRC so you just had a group of 4 chars and a group of 3 chars to crack. I remember the main ISP in my country adding a max number of tries, followed by a long timeout to try again, making it significantly more time consuming to hack. Of course you can just drop a raspberry pi on a battery pack near the device and let it do it's thing over the course of a few days. I remember having a netbook in 2012 with a dualcore 1.6 ghz ARM processor and just getting all the wifi passwords around my house in a matter of minutes. Edit: Intel Atom® Processor N270 single core with hyperthreading.
Regrettably, @hofa's response is accurate. Internet security is subjective, requiring tailored plans that consider the user's comfort level. One cannot expect someone like Joe the plumber to become a cybersecurity expert overnight. However, Joe excels at fixing leaking faucets, a task a cybersecurity professional might struggle with. Achieving the right balance is crucial for risk mitigation. While well-intentioned, the discussed video delves into a topic that many may find daunting without expert guidance. Without personalized consultation, its value diminishes. In my view, the video seems geared towards instilling fear. Let's be clear: during my college days with a basic laptop (i3), I successfully assessed WiFi security levels without breaching or altering them-a practice strictly illegal without explicit consent. LTT should focus on offering practical advice rather than showcasing hacking techniques and then attempting to offer assistance, which only fosters fear. Furthermore, contemporary hackers target larger entities like social media platforms hosting billions of users, rather than individuals. Such platforms represent worthy pursuits for their time and effort.
You don't even need a van to hold the cracking equipment. You just need the lower power device to intercept the handshakes and then send that data to a remote server optimized for cracking.
Yes, you can even use cloud compute. But you will have to make sure to erase your traces. But in most cases cloud computing providers aren't looking what you're running on their systems, as long as you aren't scanning the whole internet or something
@@Unknown-sz8kg This whole video is basically a tutorial. Cracking WPA2 is old news. Like lockpicking, it's completely legal to know and to break the security of your own devices or of others who give you permission. Pentesters are legal white hat hackers and are hired all the time by companies. WiFi cracking would be one of their attempted attack vectors to audit security.
Ah, war-driving. I remember doing this in the late 90s and early 2000s. We used "can-tennas" made out of Pringles can. We had. Soup can to scan a wide area, and the Pringles can to zero in and crack.
@@MrBarcode yeah? What makes you think so? You wanted to publicly call me a child so own up to it Keep in mind that you are talking to someone who has been hacking Wi-Fi for 20 years and I professionally give advice to businesses on their wireless posture
@@kenGPTthe heck they weren't. some might not have, but plenty of people did. it sucks for broad area scanning, but they're super useful for pinpointing to maximize signal and limit dropout due to the surroundings/rf. and then again, if you want to keep using that wifi you just pinpointed.
There is a really easy way to make 100% sure your printer's connection won't compromise your network... plug it in with a USB cable and make sure the wifi is turned off.
You left out the most common attack vector at this point, which is forcibly making devices drop off the network and reconnect, so you can get many, many more handshake samples. It also allows replicating that handshake to allow outside devices to mimic and replace devices. Many amusing tricks are possible!
you're not wrong but wps is still the most common vector (horrible that it still works in 2024 but good for me), trust me i do this every other weekend. i explained it more in another comment
Gotta love how appropriate the pile of masterlock 140's used as a comparison is. They are one of the easiest locks to pick out there and a 4 pin comb opens any of them just as easily as a key.
As a truck driver, I have been using public wifi for over 10 years. Started out using laptop card that had an antenna and using some early WEP cracking software. My upgrades over the years was rigging up an rocketdish on push up pole outside the cab of the truck. I am currently using aircrack-ng and reaver tools to get internet access. Today, very few routers AP are pixedust crackable. But the amount of free public internet access has grown also. So I am planning on upgrading my dish setup to handle 5G band as the single square mikrotik wifi antenna gets over 100Mb/s on McD fast food places at distances up to a mile away. So as a truck driver, a big externial 5G band antenna can pick up all the free internet access points at all the fast food places and all Walmarts and many large stores. So having to "crack" into an AP is getting less and less now a days.
I just want to say, this was a very excellent video. I loved the comedic entertainment value, informative history of Wi-Fi security, showcasing cool hardware. Very well done
I used to do this decades ago with fairly straightforward cracking software without understanding any of the underlying encryption technology protocols. This video has been enlightning and you guys are the best in the world at taking technical concepts and breaking them down in an easy and enjoyable format. God bless you Linus and team!!!
This just demonstrated the importance of VLANs and layer 3 routing. People say I've gone overboard, but it's a 5min process to set up a VLANed SSID and configure that on my network to limit where my IoT devices are allowed to connect. Seperate password for each SSID. etc.
@@e.t.anderson4639 not so much anymore. You can get “prosumer” or even just regular off the shelf home WiFi gear that supports almost all of this now. Like the TPlink wifi6 access point I got to replace an EnGenuis WiFi 5 AP does all the same stuff but was like 75$ vs 150-500$ for an enterprise one.
This is an understated huge topic. I get how you cannot go into it all in a single video, but for something like this I think some base level links to other videos or tutorials or just about anything else is desperately needed.
absolutely true. he also skipped most important things while trying to explain how wep2/3 works, as someone who wardrives around the city and cracks networks i rate the video 3/10 tops.
@@lumikarhu Obviously this is only meant to give a rough concept of what's going on, and not to teach or encourage. Either for liability reasons or moral reasons.
@@69MaxVerstappen69i feel like once they're done testing topsy they'll do PR campagins with youtubers, they're the #1 trending startup in Canada, press would love to interview them and talk about their truck
With such a setup they put for this video i was really expecting them to try out various different types of recommended strong passwords and check how long it takes to breake it. The real purpose of the toy you built and are showcasing.
Eh, in truth, it's very, very easy to have an uncrackable password, the point here is that people use easy passwords or phone numbers are passwords which can be guessed easily with dictionary and slight brute force, once you have a random 10 digit password containing numbers and letters it will take thousand's of years with current hardware, add 2 symbols and now it's even worse... The toy he built is useless on a password like "f}A1=#f9M8" it will take millions of years to crack that.
He's addressed this too in the video. People do not use difficult to crack passwords even when they do use longer passwords with numbers. There is still a dictionary available for such passwords (the Shakespeare thing he mentioned) which will considerably increase an attackers chance of cracking it. @@reuven2010
One of the best measures to protect yourself is to use strict MAC address filters where, especially for IoT devices, you create a separate SSID and set it up to only accept connections from specific MAC addresses. While not 100% secure (MAC addresses are easy to spoof), it does give you another layer of security.
Would love to see a follow up video showing how the VLANs and different WiFi networks should be done from security point of view as mentioned in the last section. Thanks!
Those guys suck so bad. They teach networking for 5 year olds. They only show how to hack in ideal scenarios that you'd never come across today. And I don't think Network Chuck has EVER completed one of his courses before, his channel is just a graveyard of half-finished courses. I recommend watching someone like cr0w if you wanna learn how to legitimately hack.
In your phone (both Android and Apple!) you can go into the wifi settings and tap to generate a QR code. You can print or just show it. If you scan that using the camera app on another device, it'll show a "Connect to wifi" option. It's really cool and supported in all modern phones. Linus mentioned this in the video, but he didn't mention how easy to do it is. There's no setup steps in the software side
Suggestion for a follow up video. How to build an affordable network that is better than buying a home router but not full Ubiquiti Dreammachine Pro level. Something that gives you more access to multiple wifi networks that can be customized but doesn't cost a ton of money. TP-Link's Omada might be an alternate option but also isn't super cheap depending on how you design your network. Maybe also throw in some used commercial hardware from sites like eBay or GovDeals.
@@killerpanda4659That is actually my setup. I'm using one of the mid range Protectli's with TP-Link Omada switch and AP behind with the controller running in Docker. I think that might come down to who you would target the video at as an audience though. Protectli is most likely PFSense or OpnSense which may be beyond who this video was targeted at.
I run Ubiquity APs, some used Dells managed switches I got off ebay, and a PFsense box I got of amazon for my home network. Its a "relatively" affordable setup that still gets you basically every feature your going to want in a advanced home network.
Holy crap without even watching this it's already awesome. I rented a Uhaul for like a year and ran an office out of it, complete with Starlink and everything. I wish I could come up to Canada and work w/ you guys, the stuff you're doing is so cool. Keep up the great work!
@@pauljones9150 I've tried to reply to this three times but for some reason it's not staying up. It was very much the same, with monitors and other equipment mounted to the wooden slats running the length of the van, and Starlink RV or a Gli-net router combined with a Yagi antenna to re-broadcast WiFi for internet. I also had two solar inverters with 200 watt panels and AC inverters for power. If you're going to give it a shot, I highly recommend the Ford Transit of the three models they offer. It has better fuel economy, idle fuel draw, and interior. It's also really stable and actually kinda fun to drive to boot.
What was missing in the video is, that for capturing the handshake of a device, a device needs to start the connection to the WiFi while you are capturing. Just driving in front of a house capturing a few seconds and leaving won't work in most cases. While there is a deauth packet that can be sent to devices to disconnect it from the WiFi and shortly after it will try to reconnect. But even on most WPA2 devices the deauth packet needs to be authenticated by the Access Point. So this is not possible in most cases. Sure you can wait hours in front of the house waiting for a device to connect. But this is a lot less feasible
Protected management frames are optional in WPA2 so I'm not sure I'd bet on deauth attacks not working. I'm guessing most cheap devices that don't implement WPA3 also didn't bother to support 802.11w
@@khakers2.099 Maybe some cheap iot devices don't support protected management frames but at least old regular devices like phones and computers that only support wpa2 do support protected management frames, at least in my experience
Good mention! Comfortable talking about this now because I’m pretty far removed from high school at this point. When I was in high school they did an experimental roll out of laptops to the senior class to determine if they would invest in laptops for the whole school… of course they wanted to secure the devices, however they put the laptops on a completely unfiltered wireless network and put the filtering on the laptop itself! This made access to that network incredibly valuable due to the fact that if you connected a NON school issued device you could have unfiltered wifi access. I set up a raspberry pi with an external antenna that I hid inside of a computer lab desktop tower and could remote into. I told it to start capturing handshakes right as students arrived at school in the morning knowing that all their seniors laptops would start automatically connecting when in range and I’d be likely to capture a handshake as they walked by the lab. Worked like a charm and allowed me to crack the password off site when I retrieved the device later
Deauth attacks worked fine for me for kicking desktops and laptops off the network to capture their handshake whenever I did this back in the early 2010s using kali.
I tried this on myself years ago just to see what an idiot kid like myself could get into. The program doesn't need me to look at the wifi networks. Just seeing the network id was enough. A simple one way handshake was enough to get any password I wanted. I used a single r9 280x and it took me 17 hours to crack "H@_ck.M4D@**Y" I used a simple command to sort through that one file every hacker knows with the ten gigs of every leaked password ever. I was only 14 at the time and this was so easy to do.
Great video for raising awareness. One thing missing for me though was info about how insecure WPS can be. I would love to see a more detailed follow up maybe including a bit more about the history. There are a lot of interesting stories of manufacturers messing up their implementations etc so keeping devices up to date (which some cheap isp issued routers often won’t do) is absolutely a critical factor imo
I mean fair but at the same time, not everyone knows or has the ability to run cable infrastructure through a building if it doesn't already exist. Wifi gives us more of the easability/convenience of a layer 1 alternative to networking. The next step is, as this video points out, is to secure your over-the-air commucations.
I’ve got my desktop connected via wifi due to living in an older apartment complex with only phone and cable lines in the walls. Moca isn’t an option because apartment complex, so I’m stuck with either wifi or 100 ft Ethernet cord.
@@jonathanfischer7395true men run tens or hundreds of Ethernet cables, loosely taped to the floor connected to their homelab which has grown to the size of the kitchen
The point regarding Cuda cores hit me.. since I got a 8800GTX back around 2008 and wow was that a complete shift in this type of compute. Going from 1000's to millions per second was just insane.
Reminds me of Sub7 and (2002-2003?) wardriving with a big patch antenna stuck to the side of my Honda wired to the PCIe card in my laptop. We'd drive around and just cruise neighborhoods. We thought we were so cool. I can still hear the ICQ notifications when someone turned on their computer and we got a notification. We were little better than script kiddies. Now I'm old and my knees hurt.
@@JuiceB0x0101 that's rediculous... I live in Germany and we're not exactly known for the best Internet or friendliest ISP and I've literally never heard of that here
In the US most non-fiber plans I've seen have limits. They just don't mention them upfront, and they're fairly generous for cable internet. I'm sure most customers never hit them.
@@vinxmusic_ I thought they said at one point that speaking English was not his strong suit since he's from the Netherlands, so it could be a bit of both?
i said vlans out loud a dozen times watching this and literally shouted wooo! when you mentioned them. these really need to be a more accessible option so many iot devices in a modern home these days!
I lived in a house across the street from a Car Mechanic Shop. We didn't have internet, but their WiFi showed up (protected tho) and one of my roomates figured out the password was their phone number! Got me through a year 😎
During high school I'd walk around my neighborhood with a wifi pineapple in my backpack and an antenna sticking out while I went around cracking peoples wifi
@@robmckennie4203 especially the truck driver dude. why the hell would you risk your livelihood just so you can get a slightly faster internet connection
Something I would recommend to use is a sequence of four or five random words, plus a number or special character mixed in there. Those usually end up being very long and harder to brute-force than even those 16-20 random character sequences and are much, much easier to memorize and type.
Nope. Truly-random sequences have more entropy than anything you'd pick yourself. Choose a 32-character truly random password. It has roughly 192 bits of randomness. Five random English words plus a random character would have only about 87 bits of randomness assuming your vocabulary is about 65000 words (which is almost certainly much too high) and your special character has 7 bits of entropy.
@@dfs-comedy Yes. A sequence of 32 random characters is going to be stronger than a few random words. I won't fight you on this one. But a sequence of random words, not a quote or sentence, with special characters sprinkled here and there is going to be much lengthier and stronger than any random sequence of characters your average person would be willing to use as their wifi password. It'll have plenty of entropy for day-to-day use... Most home wifi passwords I've seen were just a common word with replaced characters or a relative or pet's name with 123 at the end... and usually that's fine! Most of us won't ever be targeted by criminals going around in vans to sniff our wifi transmissions. A sequence of words won't be hard to memorize, communicate or type, will be strong enough, on top of being on absolutely no list of commonly used passwords. We're looking for effective and convenient. Something better than "F1do12345" and also something you can just "tell" to someone without having to spell it out character by character. Anything that truly needs high security in a home network should be going through a wired connection on top of using a trusted VPN anyways.
Infra pentester here. Not as much fun, but more practical if you use a tool like NPK which spins up AWS spot GPU instances to do all the cracking in the cloud once you've got the handshake. No van needed, and a damn sight cheaper 😁
Side note: somebody does not need to own 5 RTX4090's to crack a WPA2 password. They can pay a few bucks and do it on cloud GPU's making the barrier much thinner. And if you're using a brand of router that has a basic scheme for all its default passwords (i.e. the Sagemcom routers Spectrum gives out which all use verb + noun + three numbers) its very easy to create a custom dictionary that will crack it in a fraction of the time.
Brings me back to 2005 w/ my first laptop, driving around, hooking into Linksys WRT54Gs everywhere w/ open wifi, changing their SSID to random things ❤
The real story here is how they resisted the urge to do a build video of building a fullblown tech van ike you'd see in movies instead of a pc on plastic coffee table in a rental.
@@ffgamingkanaal It works try it. It's how you get free access in hotels and on planes. If you think about it you'll realise there is no way it can tell it's 2 devices. It can be a bit choppy but it works.
A BBC program, a series with 2 men and a woman called Jessica, did a similar thing about 10 years ago. They parked up in a residential street and proceeded to log onto peoples internet, they even knocked on one persons door and asked them how they enjoyed their holiday and showed them pictures from their emails. Nice to see people take security as seriously ten years on.
"advanced" dude wi-fi security, DMZs, and wardriving are like the basics of basics when it comes to computer stuff, especially network security (which at this level is more like basic hygiene for your computer).
All my old devices have wired ethernet. Just connect your HP printer with wired ethernet, connect your TV to wired ethernet, connect your chromecast to wired ethernet. I even have wired network cables placed near where I like to sit with my laptop and just plug in the network there too. Good luck if you have a Nest thermostat or LG smart washer and dryer.
Blur is NOT DESTRUCTIVE. 4chan proved this over a decade ago with the "uncensor this please" and the "no blur" threads. And with AI being what it is now......
@@Iaotle read again. this has been proven pre-AI, and it mostly depends on what kind of blur is used. it just wouldn't matter if they used a block of solid color, or mosaic though, and that's the whole point.
@@Iaotle There are AI trained specifically to deblur. Since blur is "just" a mix of pixels spread out, it is possible to predict how much the pixels were spread out and reverse the process. But on youtube the compression often removes the little colors shifts on blur and we can't recover the smaller details
I find that the best solution for Wifi security is - use a wire instead. In my opinion there is way too much focus given today on making everything wireless. While a wireless connection may be needed in some situations, I feel that a better more secure solution is to use the dedicated wire. That eliminates the possibility of someone connecting without getting past the physical security that may be set up for the area in question. But it's good to know that there are security solutions for when you are forced to go wireless.
Cable infrastructure costs money. When we are talking about a SOHO solution, sure thats fine. But a small/medium size businesses solution, wifi has a wide varity of very valid and innovative use cases. And can cut cable infrastructure costs but a fair amount.
Years ago, I bought a PDA. I found a wi-fi locator program that had a visual display that looked like a radar. It showed the locations of all wi-fi devices within about 150 metres, in real time. If I moved the PDA, the location of the wi-fi locations would move on the screen, continuing to show exactly where they were. It also showed the name of each router and what network they were using. The people who didn't re-name their wi-fi routers were also showing the model. I found a website that listed the default passwords for internet routers. In theory, I would have been able to hack into anyone's wi-fi, if they didn't change the name of their router and if they didn't change their default password. While I did have that capability in my hands, I honestly never actually tested it out.
Based on my experience, aligning your car and setting up your antenna works well only some of the time. A secure way to protect your home network, or any important radio information, is to physically manage the transmit power and location of your router to prevent sensitive data from being exposed outside.
13:15 You for sure _can_ create a ton of WLAN networks for your devices, but this only kinda works in a more urban setup where you do not live on a flat. If you live in a big city on a larger building chances are high that there already are dozens of networks even there is only one per household. Now imagine that not only you but most of your neighbors not one, but several wireless networks. This would probably hurt performance pretty good.
As a cybersecurity student nearly done with their bachelors degree, i would love to see more content of this nature from LTT. Educational, fun, and entertaining. Its actually pretty difficult to find insight/demonstrations of real life applications of data loss prevention, network segmentation, least priviledge, and other more in depth best practices for maintaining a secure digital environment in a workplace. You guys have the means to set up a mock environment to show us all this in real life daily use, and it would actually be really awesome and valuable to the community if you did! :)
Small correction at 08:00, the Intel AX200 is Wi-Fi 6, and the Intel AX210 is Wi-Fi 6E, not sure which one is actually on that board, but I assume it's the AX200 given that the print on the IO shield says "WI-FI 6"
Repping the Edison Motors swag! Really hoping y'all do something together since your both Canooks and it would be a signal boost for a cool company doing cool stuff in a new way.
Anyone else shared and still shared a special love for rainbows and tables? Especially double rainbows are so clear and enlightening. Opening portals of bidectional communiation out of photons and thought and matter.
this has nothing to do with this video, i just want to say how i absolutley love how linus just cleanly and smoothly segways into sponsers, always catches me offguard haha
Besides using QR codes... you can also buy blank NFC tags and write your wifi to them, then any device compatible with NPC can simply scan the tag to connect.
OneRuleToRuleThemAll I use 2x 4090s at work to audit NTLM and we have tested a bunch of others AES256 PDF, WPA2, NTLMv2, etc. 4090s overclocked can match 4x 1080Tis in hashcat benchmarks very impressive. I wish you went more indepth and showed some hashcat benchmarks on 6 of them. Love the super entry level video for security awareness.
The info that older devices break your Wi-Fi security without you realizing it at all is actually very valuable. Nothing in your config tells you that unless you dig deep. And with IoT-devices usually requiring to be on the same Wi-Fi for full functionality, that's an uncomfortable thing to fix.
Back when I was big into Citizen Band radios, everyone I knew was deadly afraid of the dreaded FCC truck, that was never ever spotted anywhere, nor did we ever hear of anyone that got "busted". This reminds me SO MUCH of those days. 😆🙄
Fritz!Box modems, which are very popular in Germany by default have a 20 digit numerical wpa3+2 key. At a million attempts per second that's still multiple years. I have a 13 character "random" alphanumerical key which takes slightly longer.
