Absolutely possible with the technical know-how and determination. We do it out at some of our client sites.
At home, often the WPS is vulnerable, so you can compromise with no brute-force.
A certain ISP supplied kit where the WPS keys are mapped to the MAC, hence it takes <10 seconds to get in.
With newer devices supplied by ISPs, you have to brute force the WPA2 key; however, given every Sky Router, HomeHub etc. has the same password length, that greatly reduces your possibilities. I.e. if you know every BTHub6 is a 10 digit password, you only try out 10 digit passwords.
The attack works by kicking a user off the access point, which can be done without knowledge of the WPA2 password. When it authenticates back in you capture the WPA2 handshake. This is now cracked offline, so the attack is somewhat undetected apart from a split second where 1 device is kicked off the AP for a few seconds, everything else is done offline.
We have a success rate of approx 50% out at client sites, largely since their choice of password is nothing too complex. Fortunately, this often gets us into Guest networks, whereas the corporate network operates WPA2 Enterprise, a whole different beast.
Where the WPS is really flawed, you can see the PW is obtained in a couple of minutes:
More complex, WPA2 compromise:
You generally would not use a dictionary in Kali as per the video, but some sort of cracking machine, or even better, there are a whole bunch of online tools designed for this type of cracking; some are more custom than others, and these have a lot of power to try combinations way faster. One site, you pay 5 euros and usually within 7 days it either has it, or not.
This topic is purely for your own educational purposes, not to check out on an unauthorised device.
Hard Fact wise: 100% possible, reality check: Rarely carried out given the low price of home internet alongside limited WiFi Range. A password is enough to put off 99%+ of people. Also, those with the ability to do it are usually techy and not to stereotype but they would rather have management of their technology, ability to pick their speed package, have a few wired devices (NAS etc).
Edited by ukhardy07 (Fri 02-Mar-18 18:28:31)
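
The post's point about fixed-length, digits-only default passwords, as an added example (not part of the original post) for auditing your own WPA2 passphrase: it sizes the search space that remains once the length and character classes are known. The function name and the guess rate are assumptions chosen for illustration.

```python
import math
import string

# Assumption for illustration only: offline guesses per second (not from the post).
ASSUMED_GUESSES_PER_SEC = 1_000_000

# Together these four classes cover the 95 printable ASCII characters.
CLASSES = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "symbols": string.punctuation + " ",
}

def audit_passphrase(passphrase, rate=ASSUMED_GUESSES_PER_SEC):
    """Size the search space when length and character classes are known."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2-PSK passphrases are printable ASCII")
    used = [n for n, chars in CLASSES.items() if any(c in chars for c in passphrase)]
    alphabet = sum(len(CLASSES[n]) for n in used)
    keyspace = alphabet ** len(passphrase)
    return {
        "classes": used,
        "alphabet": alphabet,
        "keyspace": keyspace,
        "bits": round(math.log2(keyspace), 1),
        "worst_case_hours": keyspace / rate / 3600,
        "digits_only": used == ["digits"],
    }

if __name__ == "__main__":
    # Constructed sample passphrases, not real credentials.
    for sample in ("0123456789", "k7Qp2mXw9d", "correct horse battery"):
        r = audit_passphrase(sample)
        print(f"{sample!r}: {r['classes']} {r['bits']} bits, "
              f"{r['worst_case_hours']:.3g} h worst case at assumed rate")
```

A 10-digit default leaves only 10^10 candidates, while a longer passphrase mixing character classes pushes the space far beyond what any realistic guess rate can exhaust.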