A security researcher using his own custom built software has tapped Amazon’s cloud computing service to crack Wi-Fi passwords quickly and cheaply.
Thomas Roth of Cologne, Germany told Reuters he software running on Amazon’s Elastic Compute Cloud service to break into a WPA-PSK protected network in about 20 minutes and claimed that with refinements to his program he said he could cut the time down to about six minutehttps://www.gaj-it.com/wp-admin/post-new.phps.
With EC2 computers available for 28 cents per minute, the cost of the crack came to just $1.68.
"People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so," "But it is easy to brute force them." said Roth.
Roth has a history of hacking the 'unhackable' and in November he used Amazon’s cloud to brute force SHA-1 hashes. Roth said he cracked 14 hashes from a 160-bit SHA-1 hash with a password of between one and six characters in about 49 minutes.
Brute force cracks (as the name suggests) are among the least sophisticated means of gaining unauthorized access to a network. Rather than exploit weaknesses, they try huge numbers of possible passwords until the right phrase is entered. A timeless strategy.
What makes Roth stand out though is that he uses a primitive method but with a highly innovative (and affordable) technique.
Roth’s latest program uses EC2 to run through 400,000 possible passwords per second, a massive amount that only a few years ago would have required the resources of a supercomputer. He is scheduled to present his findings at next week’s Black Hat security conference in Washington, DC.
Is it just me who is starting to get worried about all these hackers?