Cybersecurity enthusiast collects Wi-Fi passwords using homemade device, sounds warning

Thousands of Wi-Fi passwords in Hanoi have been collected using a homemade device, with an experiment finding that the passwords of 50% of them can be stolen easily.

Ha Trung Hieu, founder of cybersecurity community Cookie Han Hoan, issued the warning this week following a Wi-Fi password scanning experiment.

Of the 10,000 networks he scanned, around 5,000 used simple passwords that can be easily guessed, such as « 123456789 » and « 88888888. »

He said the experiment was done to raise people’s cybersecurity awareness.

Wi-Fi networks mainly use the WPA/WPA2 security protocol, which requires a four-step authentication process for Internet connection.

However, for the sake of convenience and reduce the number of times the process is carried out whenever someone tries to access the Internet, access points often create something called PMKID, an identity code unique to a device connecting to a Wi-Fi network.

This code contains data like the name of the Wi-Fi network and the device’s MAC address, allowing it to be connected instantly.

Hieu’s group used computer Wi-Fi cards with enhanced signal reception capabilities using homemade antennas.

They then mounted the devices on motorbikes and rode around some Hanoi districts.

Within a few days the group managed to collect around 200,000 PMKIDs. This data was then processed, generating PMKID data related to 10,000 access points.

To decode the PMKID, the researchers used hashcat, a popular tool for password-hacking that has been shared publicly since 2018. Hieu said the hacking does not require much technical knowledge.

It revealed that some of the most common passwords include « 12345678, » « 88888888, » « 66668888, » « camonquykhach » (thank you, guests) and « hoilamgi » (what you’re asking (for password) for).

In 2021, using the same technique, Israeli researchers cracked 70% of the passwords garnered from 5,000 PMKID samples due to people’s habit of using their phone numbers as passwords.

Security risks

Experts said people still do not have adequate awareness of protecting their information, are willing to share passwords with others and use simple passwords.

« Once your Wi-Fi passwords are leaked, hackers will find it very easy to gain access to your home, » Hieu said.

They can not only access the Wi-Fi network, but also scan for vulnerabilities in devices which are part of the network, like automatic doors, cameras, printers, and lighting systems.

For businesses, such as cafes, hackers can also gain access to the counters, safes and bill printers.

Experts said businesses should set up their own local area networks while ordinary users should separate devices in the network and use the guest access mode to share Wi-Fi passwords with others.

People should also use more complex, hard-to-guess passwords, they added.

By Luu Quy – VnExpress.net – March 2, 2024