Most Wi-Fi Security Can Be Broken (Including WPA2)

Would you be interested in a Japanese VPN Server?
April 3, 2012
BolehVPN-GUI v1.0.0 released with Bug Fixes
April 7, 2012
Show all

Most Wi-Fi Security Can Be Broken (Including WPA2)

Many people know that WEP security on Wi-Fi is easily broken, but very few know that WPA and even WPA2 secured networks are also at risk. With the release of a publically available open source tool called Reaver, now almost anyone can crack most WPA and WPA2 networks. In short, a huge percentage of Wi-Fi networks can be broken.

Just last December, Stefan Viehbock reported that most WPS-enabled Wi-Fi routers are susceptible to a brute force attack. What makes this vulnerability so problematic is how easy it is to do by using just one of a few free programs. Lifehacker explains how Reaver can be used easily Crack a WPA or WPA2 password in a few hours, and how the program is used. They also give a brief explanation as to how you might protect your networks against Reaver attacks. The article is definitely worth a read if you are concerned with your data security.

Another vulnerability with your WPA2 Wi-Fi security was uncovered by AirTight Networks, and is known as “Hole 196.” This vulnerability is not as easy to use, but still poses a risk:

Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.
-Joanie Wexler, Network World

With some routers, you can solve the WPS vulnerability by completely disabling the WPS option on your router. The problem is that not every router has this option, and WPS is usually turned on by default. You can also disable the wireless network on susceptible devices, but this might be a problem if you use laptops and mobile devices. Some routers have an automatic block built in them to stop successive failed attempts, but this merely slows down the process.

With Wi-Fi security up in the air, it is recommended to use a VPN to encrypt your internet traffic and ensure your computers are properly firewalled when surfing at public Wi-Fi hotspots. This will greatly protect your data and security even in the event someone does break the Wi-Fi key.


  1. Joseph Ting says:

    What about MAC Filter? It’s a bit tedious but definitely an effective way to block unauthorized access.

    • Reuben says:

      Joseph: MAC filters are another way to block unauthorized access but it does not protect the security and integrity of the data. A MAC address can also easily be spoofed. No harm in implementing it as an additional security measure but it still doesn’t solve the problem.

  2. prasad says:

    Not broadcasting your SSID should do more then MAC filtering.

  3. vanhoe says:

    not using wifi should do more lol

  4. Javier says:

    prasad, turning off SSID broadcast buys you nothing more than a false sense of security, as does MAC filtering. It does make it more difficult for your legit clients to connect and stay connected however.

    The reason I say this is because no one who is trolling for wireless networks is going to use a standard WiFi connection manager to do so. They’re going to be doing a full WiFi scan, and whether you’re broadcasting or not, they’re going to see your SSID.

    Don’t believe me? Try something like AirRadar and do a quick scan of your neighborhood. I’ll bet you a dollar that you’ll see at least one network that you hadn’t seen before. And AirRadar is not even close to one of the best scanners on the market.

Leave a Reply

Your email address will not be published. Required fields are marked *