Ask HN: My WiFi password changed over night
Did not really think about it - because radios usually have crappy software and a short power outage could have caused it was my thought.
Then I realised that I can't stream music to my Sonos speakers while still in bed. Also just thought Spotify probably has some issues (happened before).
When I finally tried to use my computer I realised that all my devices aren't connected to my wifi anymore. It prompts with an 'invalid password' dialog - and wanted me to enter the password.
My router is a Ubiquity Dream Machine (not pro) and I use their cloud account. I checked what was put there as the password and it's an old password from me. (this shocked me - I did not change it.)
How could this have happened?
Are there things I should do?
Other thoughts I had:
- Someone is trying to get my wifi credentials by cloning my SSID name. (unplugged my AP and the network disappeared so I guess that a not the case.)
- Ubiquity screwed up an update. (Nope - works properly after changing the password back)
- Ubiquity somehow restored an old version (I might have had that password as the wifi password before. But this was a year ago.)
Actions I have taken:
- changed unify account password
- checked https://haveibeenpwned.com
my mail address is included in one breach.
12 comments
[ 3.0 ms ] story [ 41.2 ms ] threadhttps://thehackernews.com/2018/08/how-to-hack-wifi-password....
I see from Wikipedia there is a new WPA3 protocol, and that's where I would start if I was worried about security to that degree. I am not, so I have not upgraded openwrt on my router.
Instead of a preshared key shared by all sessions, each session gets a different key.
With WPA personal, if you compromise the key, you can record traffic and decrypt forward and backward in time. With enterprise, you can only decrypt a session. The fundamental technology/encryption is the same.
Still strange and unexpected from a brand that mostly targets businesses.
Plain and simple it is a massive attack surface and an attractive nuisance for ransomware organizations.
Need to check their press statement again later.