First, a brief crash course on how Wi-Fi security works. When you join a regular, password-protected Wi-Fi network, your phone or computer doesn’t directly send your password to the access point. Rather, the password is hashed with the SSID (the name of the network) by applying SHA1 a large number of times iteratively in order to create a cryptographic key, called the Pairwise Master Key (PMK for short). This key is then used to mutually authenticate the client and the access point, so that each side knows the other possesses the same key, and from this process a session key is derived that protects data communication for that client on the network. The end result is that your access to the network is secured without ever actually sending your password or the PMK itself over the air, where it could be intercepted by a third party.
Suppose an attacker gains access to Microsoft’s database of Wi-Fi network PMKs. These are hashes of the password, stored with the network name, so it takes computational effort to reverse these or find a collision. However, most users’ passwords are utterly terrible, and most people reuse passwords across multiple services. Combined with other hacked databases, an attacker can quickly pick off the weak passwords and then start using them on other services. Using a strong, unique password mitigates this, but generally speaking the users who do so are also the most savvy users who could just as easily buy and install a router capable of providing a separate guest network.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.