The old-time war-driving technique is still proving an efficient way to crack WiFi passwords. Recently, a researcher in Israel was able to crack 70% of WiFi network passwords after collecting network hashes via war-driving.
What is war-driving?
War-driving is a method of searching for WiFi networks while moving around in a vehicle.
In this process, a person drives around on local streets and maps residential WiFi networks to find any vulnerability to exploit, such as common or easy-to-guess passwords.
Software or tools for war-driving techniques are freely available on the internet.
A researcher from CyberArk came up with the idea for an experiment after observing that, across numerous apartments, his neighbors’ WiFi passwords were actually the mobile numbers of the residents or other unsafe passwords.
To confirm his claim, he collected 5,000 WiFi network hashes by roaming streets with WiFi sniffing equipment.
After collecting the passwords in a hashed format, he installed a password-recovery tool named Hashcat. This tool includes multiple password-cracking methods, such as mask and dictionary attacks.
Using the most common dictionary, Rockyou[.]txt, he was able to crack more than 900 hashes, amounting to 3,500 cracked passwords, which is roughly 70% of the hashes gathered.
According to researchers, the sniffing technique used in the experiment only works with routers supporting roaming features.
Roaming routers are usually deployed in cities or campuses where WiFi is deployed as a blanket of internet access using multiple Access Points (APs).
Most routers come with dual-purpose capabilities, so roaming options are displayed in APs in residential settings even if their owners do not require that functionality.
This feature makes those devices prone to the risks of war-driving attacks.
This experiment highlights the risks of using weak passwords for WiFi access points, showing how easily an attacker can infiltrate a targeted network and move laterally within it. To stay safe, users should use complex passwords (and a password manager) and turn off roaming when not in use.
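As an added example (not code from the CyberArk research or from this article), the following Python check audits a WiFi passphrase for the two weaknesses described above: phone-number-style passwords and passwords found in a common dictionary. The small word list is a constructed sample, and the 60-bit threshold and all function names are assumptions made for illustration.

```python
import math
import re

# Constructed sample standing in for a full common-password dictionary (assumption).
COMMON_SAMPLE = {"password", "12345678", "iloveyou", "qwertyuiop", "11111111"}

# Character classes and their sizes within printable ASCII (26 + 26 + 10 + 33 = 95).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def keyspace_bits(passphrase):
    """Upper bound on guessing cost: length * log2(alphabet of the classes used)."""
    alphabet = sum(size for pattern, size in CLASSES if re.search(pattern, passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def audit_passphrase(passphrase, min_bits=60):
    """Return a list of findings; an empty list means none of the checks fired.

    min_bits is an illustrative threshold (assumption), not a published standard.
    """
    findings = []
    # Phone numbers are often written with spaces, dashes, '+' or brackets.
    stripped = re.sub(r"[\s\-+()]", "", passphrase)
    if stripped.isdigit():
        findings.append("digits only (phone-number style)")
    if passphrase.lower() in COMMON_SAMPLE:
        findings.append("present in common-password list")
    if keyspace_bits(passphrase) < min_bits:
        findings.append("keyspace below threshold")
    return findings


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real network.
    for candidate in ["0501234567", "password", "correct-Horse7-battery-staple"]:
        print(candidate, "->", audit_passphrase(candidate) or "no findings")
```

The keyspace figure is only an upper bound: a passphrase built from dictionary words can score high here and still fall to a word list, which is why the list lookup is a separate check.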