Cloud computing used to hack wireless passwords

Thomas Roth intends to make his software publicly available, and will soon present his research to the Black Hat conference in Washington, D.C.

German security researcher Thomas Roth has found an innovative use for cloud computing: cracking wireless networks that rely on pre-shared key passphrases, such as those found in homes and smaller businesses.

Roth has created a program that runs on Amazon's Elastic Cloud Computing (EC2) system. It uses the massive computing power of EC2 to run through 400,000 possible passwords per second, a staggering amount, hitherto unheard of outside supercomputing circles--and very likely made possible because EC2 now allows graphics processing units (GPUs) to be used for computational tasks. Among other things, these are particularly suited to password cracking tasks.

In other words, this isn't a clever or elegant hack, and it doesn't rely on a flaw in wireless networking technology. Roth's software merely generates millions of passphrases, encrypts them, and sees if they allow access to the network.

However, employing the theoretically infinite resources of cloud computing to brute force a password is the clever part.

Purchasing the computers to run such a crack would cost tens of thousands of dollars, but Roth claims that a typical wireless password can be guessed by EC2 and his software in about six minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to lay open a wireless network.

Roth intends to make his software publicly available, and will soon present his research to the Black Hat conference in Washington, D.C.

Using EC2 for such ends would be against Amazon's terms of use, of course, but Reuters quotes Amazon spokesman Drew Herdener as saying that if Roth's tool is used merely for testing purposes, everything's above board.

Roth's intention is to show that wireless computing that relies on the pre-shared key (WPA-PSK) system for protection is fundamentally insecure. The WPA-PSK system is typically used by home users and smaller businesses, which lack the resources to invest in the more secure but complicated 802.1X authentication server system.

WPA-PSK relies on administrators setting a passphrase of up to 63 characters (or 64 hexadecimal digits). Anybody with the passphrase can gain access to the network. The passphrase can include most ASCII characters, including spaces.

WPA-PSK is believed to be secure because the computing power needed to run through all the possibilities of passphrases is huge. Roth's conclusion is that cloud computing means that kind of computing power exists right now, at least for weak passwords, and is not even prohibitively inexpensive.

In other words, if your network relies on WPA-PSK, its time to check that passphrase. It's claimed that up to 20 characters are enough to create an uncrackable passphrase, but the more characters you can include in the passphrase, the stronger it will be. It should be noted that Roth very probably cracked open networks with short passwords.

Include a good variety of symbols, letters and numbers in the passphrase, and change it regularly--monthly, if not weekly. Don't use words you might find in a dictionary, or any words that are constructed cunningly by replacing letters with numbers (that is, passwords like "n1c3"); hackers are way ahead of you on such "substitution" tricks.

Passphrases constructed like this are effectively impossible for computers to guess by brute force, even by cloud computing systems running Roth's software, due to the amount of time it would take.

Because WPA-PSK is also calculated using the service set identifier (SSID, or base station name) of the wireless router, it also makes sense to personalize this and ensure it isn't using the default setting (usually the manufacturer's name). This will protect you against so-called "rainbow" attacks, which rely on a look-up table of common SSIDs.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Networkingsecuritywirelesscloud computinginternet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Keir Thomas

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?