Researcher uses Amazon cloud to crack Wi-Fi passwords

By on January 12, 2011, 10:30 AM
A security researcher from Germany named Thomas Roth has written a program that can crack, in a few minutes, the WPA encryption that protects many Wi-Fi networks. His software employs a "brute force" attack, where passwords are deciphered by successively varying combinations of numbers and digits. Since that can naturally take some serious computing resources, he tapped Amazon's EC2 cloud services to get the job done.

Initially it took him 20 minutes to crack the key for a network in his neighborhood, but after some modifications to his software he was able to bring the time down to only six minutes. Amazon rents its service to customers for 28 cents per minute, so the total cost of the crack came to just $1.68.

Of course this is a violation of Amazon’s acceptable use policy, but Roth is hoping to show network administrators that WPA-PSK is not strong enough to keep out intruders and that they should be using stronger encryption algorithms – especially at a time when powerful and inexpensive cloud computing services are accessible to anyone. He plans to distribute his software publicly and give demonstrations on using it at the Black Hat conference in Washington D.C.




User Comments: 15

Benny26, TechSpot Paladin, said:

I'm sure a lot of people are looking forward to seeing that in action...

TomSEA, TechSpot Chancellor, said:

"He plans to distribute his software publicly..."

Thanks guy - now we'll have roving network thieves in cars hacking into wi-fi stations everywhere. Sheesh...I know he's trying to do good here, but don't just hand the keys to the inmates, wouldja??

JMMD, TechSpot Chancellor, said:

I'm sure people are already doing it without his software. WEP seems to be the most commonly used security from what I've seen and that's very easy to crack.

Guest said:

Only Best buy shoppers and complete Noobs still use WEP.

And if you are you deserve to be hacked.

Tanstar said:

> Guest said:
>
> Only Best buy shoppers and complete Noobs still use WEP.
>
> And if you are you deserve to be hacked.

He's not cracking WEP. He's cracking WPA.

Prosercunus said:

> Tanstar said:
>
> > Guest said:
> >
> > Only Best buy shoppers and complete Noobs still use WEP.
> >
> > And if you are you deserve to be hacked.
>
> He's not cracking WEP. He's cracking WPA.

I think he is replying to a later post... and ya I will use WEP, but I am certainly not a "best buy shopper", I am just incredibly lazy and live in a small town where I don't have to worry about that. I do hide my SSID however. If I lived in a high risk area (city, bigger town, etc) I would certainly never use WEP though.

JMMD, TechSpot Chancellor, said:

> Only Best buy shoppers and complete Noobs still use WEP.
>
> And if you are you deserve to be hacked.

You've described most of the population. Of the 15 or so networks in my neighborhood that I can see, 14 use WEP.

9Nails, TechSpot Paladin, said:

> Guest said:
>
> Only Best buy shoppers and complete Noobs still use WEP.
>
> And if you are you deserve to be hacked.

Older Apple products fail under WPA. Many require firmware updates for the WiFi cards in order to function under WPA, and some I've seen do not work with WPA2 at all. Like ones that shipped with 10.5 or older. But you said complete noobs, so you're still correct.

Lokalaskurar said:

True, stronger encryption algorithms could be used to counter the cloud-hacking.

As for WEP, by comparison, it is very easy to hack nowadays. WPA-PSK is much safer than WEP, but not even WPA-PSK is foolproof. Ever since the 18th century, code-crackers have always said that there is not a single system in the world that is 100% bulletproof - every password is crackable.

This fellow's way of distributing WPA-PSK's decreased security status reminds me somewhat of the FireSheep-plugin for Firefox. Simply a piece of code which makes stealing cookies easy - yet sometimes with serious consequences.

Guest said:

Another hoax being created here.

If this is a brute force attack, how many characters were there in this "network in his neighborhood" protection passphrase? The article (appropriately) did not inform us.

Anyone with some math background knows that a "brute force" attack takes exponentially more time as the passphrase grows in size.

Let's consider that he managed to break an 8-character passphrase in 6 minutes spending $1.68, considering that each character has about 40 possibilities (there are many more than this, but let's consider that the user is not very creative). How long would it take and cost to break a:

9-character passphrase: 240 minutes and $ 67.20

10-character passphrase: 2,6 days and $ 2,688.00

15-character passphrase: 31,171 years and $ 11,000,000,000,000.00

20-character passphrase: 20 times the age of the Universe and more money than could ever be printed in the entire world

Summary: WPA is not broken; the "network in his neighborhood" just chose too short a passphrase.
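The scaling argument in the comment above, worked through as an added example (not part of the original post or of Roth's software): it computes the exhaustive-search time, the rental cost, and the shortest passphrase whose search cost exceeds a given budget. The baseline (an 8-character, 40-symbol passphrase exhausted in 6 minutes) is the commenter's assumption, the 28 cents per minute is the article's figure, and the 95-symbol alphabet and the budget are assumptions chosen here.

```python
from fractions import Fraction

# Assumptions taken from the comment above, not measured values:
# an 8-character passphrase over a 40-symbol alphabet is exhausted in 6 minutes,
# and the rental price is the article's 28 cents per minute.
BASE_LENGTH = 8
BASE_SYMBOLS = 40
BASE_MINUTES = 6
CENTS_PER_MINUTE = 28

# Guess rate implied by those assumptions (candidates per minute).
GUESSES_PER_MINUTE = Fraction(BASE_SYMBOLS ** BASE_LENGTH, BASE_MINUTES)


def exhaust_minutes(length, symbols=BASE_SYMBOLS):
    """Minutes to try every passphrase of exactly `length` characters."""
    return Fraction(symbols ** length) / GUESSES_PER_MINUTE


def exhaust_cost_cents(length, symbols=BASE_SYMBOLS):
    """Rental cost, in cents, of that exhaustive search."""
    return exhaust_minutes(length, symbols) * CENTS_PER_MINUTE


def min_length_for_budget(budget_cents, symbols=BASE_SYMBOLS):
    """Shortest passphrase whose exhaustive search costs more than the budget."""
    for length in range(8, 64):  # WPA-PSK passphrases are 8 to 63 characters
        if exhaust_cost_cents(length, symbols) > budget_cents:
            return length
    return None


def humanize(minutes):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 525600), ("days", 1440), ("hours", 60)):
        if minutes >= size:
            return f"{float(minutes / size):,.1f} {unit}"
    return f"{float(minutes):,.1f} minutes"


if __name__ == "__main__":
    for symbols in (BASE_SYMBOLS, 95):  # 95 = printable ASCII (assumed alphabet)
        for length in (8, 9, 10, 12, 15):
            cost = float(exhaust_cost_cents(length, symbols)) / 100
            print(f"{symbols:>2} symbols, {length:>2} chars: "
                  f"{humanize(exhaust_minutes(length, symbols)):>22}  ${cost:,.2f}")
    print("length needed to exceed $1M:", min_length_for_budget(100_000_000))
```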

Guest said:

what about WPA2-psk?

Guest said:

> Another hoax being created here.
>
> If this is a brute force attack, how many characters were there in this "network in his neighborhood" protection passphrase? The article (appropriately) did not inform us.
>
> Anyone with some math background knows that a "brute force" attack takes exponentially more time as the passphrase grows in size.
>
> Let's consider that he managed to break an 8-character passphrase in 6 minutes spending $1.68, considering that each character has about 40 possibilities (there are many more than this, but let's consider that the user is not very creative). How long would it take and cost to break a:
>
> 9-character passphrase: 240 minutes and $ 67.20
>
> 10-character passphrase: 2,6 days and $ 2,688.00
>
> 15-character passphrase: 31,171 years and $ 11,000,000,000,000.00
>
> 20-character passphrase: 20 times the age of the Universe and more money than could ever be printed in the entire world
>
> Summary: WPA is not broken; the "network in his neighborhood" just chose too short a passphrase.

Not to mention the article doesn't state whether the passwords he "cracked" were based on a dictionary word or not (which most people seem to do).

Jesse (Staff) said:

> Prosercunus said:
>
> I think he is replying to a later post... and ya I will use WEP, but I am certainly not a "best buy shopper", I am just incredibly lazy and live in a small town where I don't have to worry about that. I do hide my SSID however. If I lived in a high risk area (city, bigger town, etc) I would certainly never use WEP though.

This makes no sense to me... WEP is a huge pain in the ass compared to WPA... remembering a passphrase is so much easier than remembering a random string of characters.

Guest said:

WPA2-Radius. It's difficult for me when I have hardware that will not support this (not router, but wireless television, etc.).

Guest said:

OK people, almost all "cheap" and up WAPs support MAC filtering... use it.
