A new way to compromise the WPA/WPA2 security protocols has been accidentally discovered by a researcher investigating the new WPA3 standard.
The attack technique can be used to compromise WPA/WPA2-secured routers and crack Wi-Fi passwords which have Pairwise Master Key Identifiers (PMKID) features enabled.
Security researcher and developer of the Hashcat password cracking tool Jens "Atom" Steube made the discovery and shared the findings on the Hashcat forum earlier this month.
At the time, Steube was investigating ways to attack the new WPA3 security standard. Announced in January by industry body the Wi-Fi Alliance, WPA3 is the latest refresh of the Wi-Fi standard.
WPA3 aims to enhance user protection, especially when it comes to open Wi-Fi networks and hotspots commonly found in public spaces, bars, and coffee shops. The new standard will utilize individualized data encryption to scramble connections -- as well as new protections against brute-force attempts to crack passwords.
However, the aging WPA2 standard has no such protection.
According to the researcher, the new attack method does not rely on traditional methods used to steal Wi-Fi passwords. Currently, the most popular method is to wait until a user connects to Wi-Fi, wait for the four-way authentication handshake to take place, and capture this information in order to brute-force the password in use.