News

Cloud-based wireless password crack service launches

08 December 2009

A hacker who found a flaw in the SSL protocol last year has launched a new project that cracks wireless network passwords using a cloud-based computing service.

Moxie Marlinspike's project, WPA Cracker, uses a 400-CPU cluster to crunch the numbers on captured packets from wireless networks that are protected using WPA encryption. Users can collect packets from a wireless network using popular wireless sniffer tools such as Wireshark. They then upload their data via the service's website, and wait for it to find the target password.

WPA Cracker offers two levels of service for penetration testers wanting to crack a wireless network password. The first, costing $17, uses half of the cluster's power, and returns results within 40 minutes. The second level of service costs $34 and returns results in half the time.

Marlinspike claimed that the system works better than existing rainbow tables. These are databases of hashes, pre-calculated using the popular SSIDs (network names) shipped by default with wireless routers. Rainbow tables are generated by combining popular SSIDs (such as 'default' or 'linksys') with hundreds of thousands of known words in the English language. Captured network packets can then be matched against the hashes, and if any are found to match, the password can be instantly referenced.

"Since each handshake is salted with the ESSID of the network, you have to build a unique set of rainbow tables for each network that you'd potentially like to audit", Marlinspike said on the WPA Cracker site, adding that the million or so words used to compile popular rainbow tables such as those offered by the Church of WiFi are not large enough.

"WPA Cracker provides a service that can crack the PSK of a network with any ESSID, using a dictionary that is several orders of magnitude larger."
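The ESSID salting described in the quote is visible in the WPA-PSK key derivation itself (PBKDF2-HMAC-SHA1 with the network name as salt). The Python below is an added example, not code from WPA Cracker or from the article; the SSIDs, word list and the `build_table` and `audit` helpers are constructed for illustration. It checks a network's own configuration against a small precomputed table.

```python
import hashlib

# Constructed sample data: two vendor-default SSIDs and a tiny word list.
DEFAULT_SSIDS = ["default", "linksys"]
WORDLIST = ["password", "sunshine", "wireless", "football"]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.

    The SSID is the salt, so the same passphrase yields a different key
    on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def build_table(ssids, words):
    """Precompute key -> (ssid, word) for every SSID/word pair."""
    return {derive_pmk(w, s): (s, w) for s in ssids for w in words}


def audit(ssid: str, passphrase: str, table) -> dict:
    """Report how exposed one SSID/passphrase configuration is."""
    return {
        # Default name: someone may already have built a table for it.
        "default_ssid": ssid in DEFAULT_SSIDS,
        # Key already present in the precomputed table: instant lookup.
        "in_precomputed_table": derive_pmk(passphrase, ssid) in table,
        # Dictionary word: still guessable by a service that computes
        # keys for any ESSID, even when no table covers this SSID.
        "dictionary_word": passphrase in WORDLIST,
    }


if __name__ == "__main__":
    table = build_table(DEFAULT_SSIDS, WORDLIST)
    for ssid, psk in [
        ("linksys", "sunshine"),            # default SSID, weak passphrase
        ("warehouse-7f3a", "sunshine"),     # unique SSID, weak passphrase
        ("linksys", "q7#Lw9-vRt2!mZx4pB"),  # default SSID, strong passphrase
    ]:
        print(ssid, audit(ssid, psk, table))
```

A unique SSID only takes the network out of reach of tables built in advance; the second case shows that a dictionary passphrase remains the weak point whatever the network is called.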

This is not the first time that someone has set out to use computing-intensive equipment to crack passwords. Russian company Elcomsoft has used the floating point processors in graphics cards to accelerate the calculations needed to crack passwords.

Last year, Marlinspike published a tool called sslstrip that showed how man-in-the-middle attacks could be mounted against SSL connections that began as straightforward HTTP sessions. PayPal subsequently suspended his account.
 

 

This article is featured in:
Wireless and Mobile Security

 

Comments

egeier says:

21 December 2009
This type of brute-force attack doesn’t apply to WPA/WPA2-Enterprise networks which use 802.1X authentication. Even small businesses and consumers can now easily implement this advanced security using outsourced services like AuthenticateMyWiFi (http://www.NoWiresSecurity.com).

gurudatt says:

09 December 2009
To check this out go to www.easysecured.com and www.0pass.com

gurudatt says:

09 December 2009
Passwords are a problem. I have developed a solution that does away with the password completely.
