👋Introduction

Heya there!

Problem Statement

Many people disregard advice when it comes to creating good passwords, and in doing so endanger the security of the plethora of their own personal information stored online. Instead of directly telling people how to create better passwords, which has been tried many times before, we give users a hands-on experience that shows them how easy it is to break passwords, especially those that are subpar. We do this by teaching users how to hack. Specifically, this guide walks users through the process of hacking their own, home WiFi.

Background / History

As humanity’s reliance on electronic media has increased, the threats to our online security have increased as well. While information used to be stored in some sort of physical medium, almost all information today is stored online. Bank accounts, financial records, social media, and health information are all kept in digital databases.

To many, this provides great comfort. An almost infinite amount of information is instantaneously accessible and transferable. On the other hand, this ease of accessibility proves to be a great risk to all involved. Day after day, individuals or groups known as “hackers” try to access digital information that does not belong to them. It could be to expose someone. It could be to gain leverage for manipulation and/or monetary gain. Regardless, the cyber attacks these hackers execute across the world are becoming more and more common [1].

Most of the time, the only obstacle between your private information and your hard-earned money is a simple password. This barricade can be quite effective when used properly, but most of the time, it is not. Many people do not create and use secure passwords [2], instead favoring insecure passwords that are easy to remember. Using these weak passwords leaves their information vulnerable to attack from hackers [3].

Passwords are stored in a hashed (encrypted) form, and if a hacker compromises the hash of an insecure password, they can crack (decrypt) the hash offline, i.e. right on their own laptop without being connected to any sort of network. Once the hash is cracked, the hacker knows the password. Furthermore, people who do create strong passwords may still be at risk - even passwords created according to previous industry standards can be cracked offline in under ten minutes [4][5].

What constitutes a strong password? Is it a combination of numbers and characters, length, or something else? In truth, they all come together to reduce the likelihood that they could be guessed in a brute force or lookup attack [6], the most common ways hackers attempt to crack password hashes. We want to help users understand the risks involved with using insecure passwords so that they may increase their personal password security and create stronger passwords.

We believe giving users a hands-on look into a common type of cyber attack will increase their understanding of online security issues and inspire them to create better passwords. One of the easiest and most accessible interfaces to hack is WiFi. The ever-increasing prevalence of WiFi has led to an increase in the popularity of WiFi attacks [seven]. Password-protected networks can be abused in order to get free WiFi, listen to a victim’s internet traffic, snoop around on an internal network, and much more.

Scope and Constraints

It is important that we lay out the scope of this guide. It does teach you everything about hacking, but it does lay down a great foundation to get started. As a reminder, the scope of this guide is limited to teaching users how to crack the WiFi password of their home WiFi network.

Further, for this guide, we work within the constraints listed below in order to maintain brevity of the guide:

• Another user is already connected to the target network.

• The target network is secured with a relatively weak password within the hash table lookup.

• We choose to only make this guide available to Mac users as that is a common platform.

• We choose to take advantage of already existing tools to automate otherwise lengthy processes.

• This guide is intended only for use on your own, home WiFi network over which you have ownership or on a network for which you have explicit permission from the owner to hack. Only perform the hack demonstrated in this guide on such a network. Do not perform the hack demonstrated in this guide on someone else's network, a public network, or anything else of that nature. We, the creators of this guide, take no responsibility for actions taken by you, the user.