Migrate From WPA2-PSK Before Your Company Network Gets Hacked

Posted On 9 Jan, 2023

Introduction

Your company is like a house and its network is like the locks on the doors of your house.

The WPA2-PSK network security protocol is just like the regular locks you use at home to keep burglars out.

Migrate From WPA2-PSK Before Your Network Gets Hacked

However, just like robbers can find ways to pick or break regular locks, hackers can also find ways to bypass WPA2-PSK and gain access to your network.

This means that hackers can steal sensitive information from your company’s network and either hold it ransom or release it into the public domain. This can be devastating for you as it can lead to financial losses and damage to your brand reputation.

To protect itself from this kind of attack, you need to upgrade to a more secure network security protocol.

This post discusses the perils with still using WPA2-PSK authentication protocols in your company.

Table of Contents

Are You Still Using WPA2-PSK To Secure Your Company Network?

WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key) is a security protocol that is used to protect wireless networks.

WPA2-PSK was introduced as part of the 802.11-2007 security amendment. The 802.11-2007 standard brought in significant improvement to wireless security and is referred to as Robust Security Network(RSN).

Prior to 802.11-2007, wireless security was close to non-existent. WPA2-PSK was meant for use in home or small office environments. It uses a pre-shared key to authenticate with the wireless network.

WPA2-Enterprise, which is more secure, uses 802.1X/EAP for authentication and authorization. At a minimum, WPA2-Enterprise requires a RADIUS server.

Oftentimes, small and medium businesses who do not have the expertise or budget to set up a RADIUS server end up using WPA2-PSK as a secure method for protecting wireless access. However, as the company grows, it becomes harder to migrate from WPA2-PSK to WPA2-Enterprise.

Eventually, an IT audit by an external agency or, heaven forbid, a security incident will force the company to use a more secure authentication method.

In some cases large enterprise customers also use WPA2-PSK. This is due to the need to support devices that are critical to business which do not support any of the WPA2 Enterprise authentication mechanisms.

3 Big Reasons For Junking WPA2-PSK In 2023

WPA2-PSK is still secure enough for homes and small businesses when used with a very long pre-shared key.

However, WPA2-PSK is not secure enough for businesses handling sensitive data. WPA2-PSK also has several shortcomings that make it difficult to maintain a secure environment.

  • A shared password is never secure
    WPA2-PSK uses a pre-shared key for authentication. This inherently makes it less secure. Employees can share the password with people they think are trustworthy, but could be a potential hacker. When an employee leaves the company, the pre-shared key needs to be changed to maintain the same level of security. This means every device that is using the pre-shared key needs to be updated which makes it a management nightmare. The bigger the business, the more painful the process.Some wireless vendors provide what is known as a per-user PSK. This gives each user a unique pre-shared key managed by the network administrator. While this does solve the administrative overhead of changing the PSK when an employee leaves, the wireless network is still open to weakness in the WPA2-PSK protocol itself.
  • Brute-Force Attack
    WPA2-PSK is susceptible to brute-force dictionary attack unless the network administrator is using a very long pre-shared key. Social engineering is another way WPA2-PSK can be compromised.
  • KRACK Vulnerability Case Study: One well-known example of a WPA2-PSK vulnerability is the KRACK (Key Reinstallation AttaCK) attack, which was discovered as long back as in 2017.It affected most devices that used WPA2-PSK. The vulnerability allowed an attacker to potentially intercept and read the data being transmitted over a WPA2-PSK network.The attack exploited a vulnerability in the WPA2-PSK protocol that allowed an attacker to potentially intercept and read the data being transmitted over a WPA2-PSK network. When a client joins a WPA2-PSK network, it uses a 4-way handshake to establish and agree on an encryption key. This is the key that is actually used to encrypt all the data. The pre-shared key is used only to authenticate with the network.The attack worked by tricking the victim’s device into reinstalling an already-in-use key, which allowed the attacker to decrypt the data being transmitted over the network. To carry out the attack, the attacker would need to be within range of the victim’s device and the victim’s device would need to be connected to a WPA2-PSK network. The attacker could then use a variety of techniques to execute the attack, such as injecting malicious packets into the network or manipulating the wireless signal to trick the victim’s device into reinstalling the key.

So why are we talking about this now, in late 2022?

In just the past 6 months at Consltek Inc, we ran into at least 3 customers who were still using PSK to secure their network. These were not the regular mom and pop shops with less than 5 people working there.

3 Cases Offer Some Interesting Security Insights

These were customers with 100 to 500 employees in multiple locations.

Migrate From WPA2-PSK Before Your Network Gets Hacked

  1. Customer A: Approximately 200 employees with multiple physical office locations. We still use PSK, but only the IT team knows what the password is. We pre-provision all devices with the wireless profile and ship it.
  2. Customer B: With 120 employees who manage PII data of customers with a very high turn around of employees, who are oftentimes disgruntled.
  3. Customer C: With 300 employees and multiple locations. Luckily they got audited and were asked to change the PSK and we successfully migrated them to EAP-TLS based authentication.

There are hundreds or thousands of customers of significant size still using WPA2-PSK and think that their network is secure or just keeping their fingers crossed.

One of the biggest security issues for wireless is the lack of physical security. A hacker could be sitting in your parking lot and trying to break into your wireless network.

Hard Evidence Against WPA2-PSK

If you still don’t believe, PSK is not safe, just Google for “ how to break wpa2 psk security” and you can observe from the results how easy it is to crack WPA2 PSK.

Migrate From WPA2-PSK Before Your Network Gets Hacked

You can try this at your home fairly easily without spending any money as most tools are available free of cost online.

Migrate From WPA2-PSK Before Your Network Gets Hacked

WARNING: Just make sure that you are only breaking into your own network otherwise you can be breaking the law and can face serious consequences.

Other risks in using WPA2-PSK in 2023?

You don’t need to have a security incident before WPA2-PSK can impact your business. You can lose serious revenue due to various other requirements.

image4_1.png?nc=1673248264

  • Business Impact: Vendor Security Requirement
    More and more businesses require their vendors to be security compliant. If you are conducting businesses with reputable companies, you will be required to have a minimum security posture.More and more companies are sending out security questionnaires asking vendors how they manage their security. WPA2-PSK will never be considered a good security practice and can result in you not able to conduct business with such firms.
  • Business Impact: Cybersecurity Insurance
    Cybersecurity Insurance providers are forcing customers to meet strict security requirements before they renew or extend their policy. More and more businesses require their vendors to have cybersecurity insurance.With weak wireless security, your chances of getting a cybersecurity insurance premium can be significantly expensive or worse, you may not be able to get the insurance.
  • Business Impact: Security Audit and Certification
    If your business requires to get a NIST or other security certification, or is currently going through a security audit, the chances are that you will not pass the audit while using WPA2-PSK as your wireless authentication mechanism.

Conclusion

As you have observed in this article, WPA2-PSK is a dangerous protocol to use today because of the security breach it is potentially capable of.

Hacks for it abound on the internet. The tools to hack this type of authentication are available freely.

By proactively upgrading to a stronger network security protocol, you can protect itself from potential hacks and keep your valuable information and reputation safe.

In the next article, we will go over WPA2-Enterprise and the EAP/802.1X framework which are more secure.

Article by:

Rajesh Haridas

Rajesh Haridas is the founder and CEO of Consltek. He brings in 20+ years of experience working in the technology industry.

Category:
Security
Boost IT Growth In Healthcare

Set up a no-obligation consulting session

Case Studies

Managed Security

Enterprise grade security for mid-size businesses.

Managed Infrastructure

Infrastructure enabling you or holding you back?

Managed Compliance

Let Consltek help you with your compliance needs.