Researcher uses Amazon cloud to crack Wi-Fi passwords

By Jos ยท 15 replies
Jan 12, 2011
Post New Reply
  1. A security researcher from Germany named Thomas Roth has written a program that can crack the WPA encryption that protects many Wi-Fi networks in a few minutes. His software employs a "brute force" attack, where passwords are deciphered by successively varying combinations of numbers and digits, and since naturally that can take some serious computer resources he tapped on Amazon's EC2 cloud services to get the job done.

    Read the whole story
  2. Benny26

    Benny26 TechSpot Paladin Posts: 1,535   +51

    I'm sure alot of people are looking forward to seeing that in action...
  3. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,718   +859

    "He plans to distribute his software publicly..."

    Thanks guy - now we'll have roving network thieves in cars hacking into wi-fi stations everywhere. Sheesh...I know he's trying to do good here, but don't just hand the keys to the inmates, wouldja??
  4. JMMD

    JMMD TechSpot Chancellor Posts: 854

    I'm sure people are already doing it without his software. WEP seems to be the most commonly used security from what I've seen and that's very easy to crack.
  5. Only Best buy shoppers and complete Noobs still use WEP.

    And if you are you deserve to be hacked.
  6. Tanstar

    Tanstar TS Evangelist Posts: 616   +176

    He's not cracking WEP. He's cracking WPA.
  7. Prosercunus

    Prosercunus TS Booster Posts: 166   +40

    I think he is replying to a later post... and ya I will use WEP, but I am certainly not a "best buy shopper", I am just incredibly lazy and live in a small town where I don't have to worry about that. I do hide my SSID however. If I lived in a high risk area (city, bigger town, etc) I would certainly never use WEP though.
  8. JMMD

    JMMD TechSpot Chancellor Posts: 854

    You've describe most of the population. Of the 15 or so networks in my neighborhood that I can see, 14 use WEP.
  9. 9Nails

    9Nails TechSpot Paladin Posts: 1,215   +177

    Older Apple products fail under WPA. Many require firmware updates for the WiFi cards in order to function under WPA, and some I've seen do not work with WPA2 at all. Like ones that shipped with 10.5 or older. But you said complete noobs, so you're still correct :)
  10. Lokalaskurar

    Lokalaskurar TS Enthusiast Posts: 544

    True, stronger encryption algorithm's could be used to counter the cloud-hacking.

    As for WEP, by comparison, it is very easy to hack nowadays. WPA-PSK is much safer than WEP, but not even WPA-PSK is foolproof. Ever since the 18th century, code-crackers have always said that there is not a single system in the world that is 100% bulletproof - every password is crackable.

    This fellow's way of distributing WPA-PSK's decreased security status reminds me somewhat of the FireSheep-plugin for Firefox. Simply a piece of code which makes stealing cookies easy - yet sometimes with serious consequences.
  11. Another hoax being created here.
    If this is brute force attack, how many characters there were this "network in his neighborhood" protection passphrase ? The article (appropriately) did not informe.
    Anyone with some math background knows that "brute force" attack takes exponentially more time as the passphrase grows in size.
    Let's consider that he managed to break a 8 characters passphrase in 6 minutes spending $1.68, considering that each character have about 40 possibilities (have much more than this, but let's consider that the user is not very creative). How long would it take and cost to break a:
    9 characters passphrase: 240 minutes and $ 67.20
    10 characters passphrase: 2,6 days and $ 2,688.00
    15 characters passphrase: 31,171 years and $ 11,000,000,000,000.00
    20 characters passphrase: 20 times the age of the Universe and more money than could ever be printed in the entire word
    Resume: WPA is not broken, the just "network in his neighborhood" chose a too short passphrase.
  12. what about WPA2-psk?
  13. Not to mention the article doesn't state as to if the passwords he "cracked" were based on a dictionary word or not (which most people seem to do)
  14. Jesse

    Jesse TS Evangelist Posts: 358   +42

    This makes no sense to me... WEP is a huge pain in the *** compared to WPA... remembering a passphrase is so much easier than remembering a random string of characters.
  15. WPA2-Radius. It's difficult for me when I have hardware that will not support this (not router, but wireless television, etc.).
  16. ok people almost all "cheap" and up waps support mac filtering... use it.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...