
Wi-Fi hacking: don't panic yet

Posted on 11 Jan 2010 at 15:24

Davey Winder finds himself unfazed by recent high-profile Wi-Fi hacks, but has no sympathy for the naive

Researchers in Japan have managed to smash through wireless router WPA encryption barriers in less than 60 seconds, demolishing the previous record of 15 minutes for a WPA crack.

This is worrying in that the previous time was for a fairly small number of routers only, while the new method is said to work for a much broader range of hardware. But am I actually quivering in my flip-flops as a result? Well, no, not really, because I’d have to say that anyone who’s still using WPA to protect their wireless network must have nothing worth protecting, and doesn’t deserve my sympathy if they lose what they do have.

If you have your best brain switched on and a few hours to kill, Google for “A Practical Message Falsification Attack on WPA” to get the full report. The methodology used by these Japanese researchers, as I understand it, would seem to build upon earlier attack vectors that targeted the TKIP algorithm employed by older WPA-only routers.


Even if you’re still using such a device, most of them can be upgraded to WPA-with-AES without much hassle – and AES, along with WPA2, would appear to be safe from this attack. The chances are that your router is better equipped than you imagine, seeing as all Wi-Fi-certified products have needed to support WPA2 for the past three years in order to receive that certificate.

Not that WPA2 itself is bullet-proof: far from it if the Russians are to be believed. ElcomSoft, a member of the Russian Cryptology Association, has developed a product that can combine readily available and relatively cheap graphics cards from ATI and Nvidia to accelerate the “recovery” of WPA2 encryption passwords.

Taking a step beyond the capabilities of the Distributed Password Recovery software that came before it, its Wireless Security Auditor software offloads the computationally heavy processing load onto the graphics processor chips fitted in ATI’s HD cards and certain Nvidia GeForce cards, and I’m led to believe that using such a combination of parallel processing hardware can reduce cracking times by a factor of several hundred per cent.

Take a card such as Nvidia’s GeForce GTX 280, which can process hundreds of billions of fixed-point calculations a second; add an extra 1GB of video memory and 240 processing units; now double up by throwing in a second similarly equipped card (the software apparently supports up to four cards at a time) and all of a sudden you have something like a supercomputer on a domestic budget. Okay, you’ll still need to invest well over a thousand quid to enter this shady world, but that’s small potatoes for a determined hacking gang.

I’m still not panicking, though, because as long as you’re sensible in your choice of password/passphrase and have booted TKIP out the door where it belongs in favour of an AES approach, I really don’t think there’s too much to be concerned about. After all, the ElcomSoft product has been on the market for over a year now and I’m not receiving reports of any great increase in successful Wi-Fi encryption hacking exploits.
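To put a number on a "sensible" passphrase, the following sketch (an added example, not code from the article or from ElcomSoft) derives the WPA/WPA2-PSK master key as the standard specifies, PBKDF2-HMAC-SHA1 with the network name as salt and 4,096 iterations, then estimates how long exhausting a randomly chosen passphrase of a given shape would take. The guess rate, the policy list and the network names are assumptions chosen for illustration.

```python
import hashlib
import math

ITERATIONS = 4096                  # fixed by the WPA/WPA2-PSK key derivation
ASSUMED_GUESSES_PER_SEC = 100_000  # assumption for illustration, not a figure from the article
SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pairwise master key for a WPA/WPA2 passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so a precomputed table only fits one network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, 32)

def entropy_bits(length: int, alphabet: int) -> float:
    """Entropy of a passphrase chosen uniformly at random from `alphabet` symbols."""
    return length * math.log2(alphabet)

def seconds_to_exhaust(length: int, alphabet: int,
                       rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Worst-case time to try every passphrase of this shape at `rate` guesses/s."""
    return alphabet ** length / rate

def compare_policies(rate: float = ASSUMED_GUESSES_PER_SEC):
    """Return (name, entropy in bits, years to exhaust) for sample policies."""
    # Constructed policies: (description, length, alphabet size).
    policies = [("8 digits", 8, 10),
                ("8 lowercase letters", 8, 26),
                ("12 letters and digits", 12, 62),
                ("20 printable ASCII", 20, 95)]
    return [(name, round(entropy_bits(n, a), 1),
             seconds_to_exhaust(n, a, rate) / SECONDS_PER_YEAR)
            for name, n, a in policies]

if __name__ == "__main__":
    # Same passphrase, two hypothetical network names: the keys differ.
    for ssid in ("HomeNet", "OtherNet"):
        print(ssid, derive_pmk("correct horse battery", ssid).hex()[:16], "...")
    for name, bits, years in compare_policies():
        print(f"{name:24s} {bits:6.1f} bits  {years:.3g} years")
```

These figures only hold for passphrases picked at random; a dictionary word or a phone number falls far sooner than its length suggests.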


User comments

Relax

Well, I'm glad you're telling everyone with AES to relax in the belief that their systems are safe. If I was a hacker, I wouldn't tell the world about my hacking exploits either.
I'd much rather a journalist was letting everyone know, that everything's fine!!!

By Steve_Adey on 11 Jan 2010

Disappointed in you, Davey

Oh dear. Davey, for the first time I can remember - and I can remember right back to the Amiga and painted face days - I think you've lost the plot a bit.

"I’d have to say that anyone who’s still using WPA to protect their wireless network must have nothing worth protecting, and doesn’t deserve my sympathy if they lose what they do have" So Mr Joe Public User should know this - despite for the last 6 years or so being told to use WPA and not WEP, he is suddenly expected to know WPA is insecure. How? By telepathic osmosis? I'd venture a guess that even now most techies still believe WPA to be reasonably secure, even against rainbow attacks, as most known exploits needed RT tables to be salted with a matching SSID. GPU-based code is relatively new, and there are a limited number of distributed attack sites. Sure, it's not hard to put a botnet/DC on the task, but botnet access costs money... you have to factor in whether the data in your network is likely to be of interest to anyone (home networks.. not really) who has the financial resources AND access to a botnet.

£1000 on graphics cards to do this? I presume that's PCI-e? Plus the cost of a motherboard that can physically accommodate 4 16x PCIe cards. OTOH, try a slightly older machine running 4 x PCI cards with Nvidia 280 based PCI cards, which go on eBay for as little as £20. Now a bunch of them and yeah, the slightly more geekier wifi hacker can build a fairly beefy attack box for peanuts.

But, again, before doing a Cpl Jones, it's always always always worth doing a ground up assessment; what data do I have, how much is it worth, and what are the REAL risks. Process and employee training is often the far greater weakness, not imagined nefarious network ne'er-do-wells.

By alan_lj on 14 Jan 2010

sniffing out packets

I still use WPA PSK, although admittedly I am a nobody, so no-one would bother me. In any case, you're going to need to monitor a regular flow of data packets for quite some time to nab a network's password, and then it's not a guarantee. If you change your password regularly, use MAC address filtering, then 99.9999% of everyday folks will be alright. A storm in a teacup, I reckon, but an interesting article nonetheless.

By monkface on 25 Jan 2010

MAC filtering?

Forget it. If you have an active connection the MAC address can be seen and it is trivial to spoof.

By Penguat on 9 Feb 2010

Quote: "because I’d have to say that anyone who’s still using WPA to protect their wireless network must have nothing worth protecting"

I have to say I think that this is a wholly irresponsible statement. It would be easy to stab me through the heart whenever I leave home; should I need to worry myself about having effective protection in place? I think not.
My network is WPA with TKIP because that's all my Cisco router offers. However, should I be worried in a place with low population density and several WEP routers showing via inSSIDer? Fact is I don't really have anything on my computer that I would be that worried about anybody seeing, all credit card details are sent via https pages and I wouldn't dream of doing any online banking or finance because time and again the weakest link has been at the banks' end, with their security compromised - look at the Argos fiasco for instance. What we need here is robust legislation to protect against computer based criminal actions that is robustly enforced.

By stokegabriel on 9 Mar 2010

Mind your arithmetical language ...

"reduce cracking times by a factor of several hundred per cent."

Erm. Why not "by a factor of two or three"?

Reducing things by hundreds of percent usually gives the wrong answer.

By mike0whit on 29 Mar 2011


Davey Winder

Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
