I’m not that knowledgeable on networking, but I do remember that if a device is connected to a wired network, it can end up receiving packets not meant for it because switches will flood all the ports for packets they don’t know how to route. But I also heard that Wi-Fi is supposedly smarter than that and a device connected to it should never receive a packet not meant for it.
Is this true? And in practice, does this mean it’s preferable should keep computers with invasive operating systems (which might decide to record foreign packets sent to it in its telemetry) on Wi-Fi instead of on the wired network?
Also, how exactly does Wi-Fi prevent devices from receiving the wrong packets when it’s a radio based system and any suitable antenna can receive any Wi-Fi signal? Does each device get assigned a unique encryption key and so is only capable of decrypting packets meant for it? How secure is it actually?
I vaguely remember getting into a WPA network (that I owned!) using kismet about 15 years ago with relative ease, but I’m struggling to remember details about that process.
I also remember reading that WPA2 non-enterprise was broken a while ago, however I just looked into it and both of the main exploits I can find were patchable (and have been patched) at client OS level (They were the KRACK and FragAttacks). Seems like there has already been something found wrong with WPA3 too that’s also been addressed.
So yeah as you say back to brute forcing for the most part. Forcing reconnects was a pretty easy way to get more handshakes to record back when I last tried, so I assume that still has decent levels of success, given the prevalence of mesh networks. Looking further it seems people use a tool called hashcat today to get pretty rapid results doing the actual brute forcing using a modern GPU.
But yes very good advice all in all, long passwords and the highest WPA version you can get away with are going to make an attackers job harder.
Thanks for the reply, you got me to go back down an interesting rabbit hole I’ve not looked at in a while
The 4-way handshake crack was the only key recovery attack until 2018 when the PMKID-based attack was discovered (here: https://hashcat.net/forum/thread-7717.html). The PMKID crack attack still required brute-forcing the key, but it didn’t require the 4-way handshake so you didn’t have to depend on a de-authentication attack to get started.
At that time there was another WPA vulnerability, if you were using WPA-TKIP, but it only allowed sending a few small packets every 10-12 minutes so it wouldn’t allow you to gain access to the network.
Later there were a few WPS-based attacks but they were slow (4 hours to recover the WPS PIN) and/or limited to specific manufacturers (weak hardware random number generation).
At 71, I struggle sometimes remembering what I had for breakfast. LOL It is a very interesting rabbit hole for me as well. Wasn’t trying to correct you, I’m an expert at nothing. Your comment just spurred a memory of a long forgotten era of my life as a wannabe haxor.