WPA encryption gets hacked; Wi-Fi no longer secure
Wi-Fi is no longer a secure form of wireless communication, so says Global Secure Systems. According to their report, a Russian firm has harnessed the GPU processing power of the latest NVIDIA graphics card to accelerate Wi-Fi password recovery times by 10,000 percent. David Hobson, managing director at GSS elaborates by saying,
“Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time – and presumably employed by relevant government agencies in extreme situations – but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying.”
The article unfortunately lacks some key details about the configuration of the WPA/WPA2 encryption that was hacked and the length of time it took for the encryption to be broken; leaving us a little in the dark about the extent of this threat. Nonetheless, individuals and companies that rely on wireless networking may want to follow this report to see if it is confirmed or debunked. Wouldn’t want you to bury your head in the sand and sit complacent while your neighbor’s kid with his uber-gaming rig hacks into your Wi-Fi network and steals Sarah Palin’s email. That could land you up to 5 years in jail. D’oh!
Shouldn’t this be titled “Russian Firm Speeds Up WPA Hacking With Graphics Card”? Brute force WPA and WEP hacking has been around for a little while.
It’s likely this attack is valid for only short WPA/WPA2 keys — I would guess based on the way in which the passphrases are composed, that 12 character random passphrases would likely still defeat the computational power possible here outside of governmental use. A 20-character passphrase composed of words not found in dictionaries is likely (as theorized back in 2003) still resistant to multi-hundred-year attacks at the highest level.
We’ll see, though. WPA/WPA2 Personal was designed to increase in cracking complexity based on key length.
then my WPA key is extrememely difficult to guess, nearly zero chance to guess
this is simple to create: just hit the keyboard randomly till 63 characters are filled
is it possible to guess these keys randomly generated?
jacpow3ru89c3mpw0q94mopqixeruc0qxu9pc8opqicy902qc58tyx3c89m8of
not really you can get aportion of the key thorgh capturing packets WPA has been hackable for quite some time now.
theres even a youtube video on cracking wWEP and WPA
Mingkee is right. Stronger passwords equals exponentially more time needed to crack a WPA2-PSK AES network. Sure, this guy notes 10,000 times more efficient, but when it takes 60 days to decode “HotNippleChops” from a WPA-PSK TKIP network, the feasibility just isn’t there.
That and you still need a human capable utilizing such a rig with the malice forethought and intent on breaking a WPA network. Something tells me that somebody is bound to notice the pimple-faced Carnegie Melon grad student in the Ford Fiesta parked outside the World Bank for a week straight with 19 cases of Mountain Dew and 124 boxes of Cheetos with neon green Alienware rig running in the back seat.
MadMike,
Don’t forget the Hot Pockets!
It’s not 10,000 times more efficient. It’s 10,000% more efficient. That number was used because it sounds a lot more impressive than something merely 100 times more efficient. Improving performance by two orders of magnitude is impressive, but it still means that decent key strengths are going to be practically uncrackable for the foreseeable future.
@ mad mike you don’t slur trafic from the bank you slurp it form walgreens account numbers and pins galore happend in tucon 4 moths ago a ton of welsfargo users had to have ALL ther cards deactivated an had new ones reissued to them
If they can do this with a simple NVIDIA chip what says the PS3 chip?
@Galvatron: Yeah, my wife just got a notice from the Spa she goes to that they had a “breach” and credit card numbers were loosed. Luckily we already canceled that account months ago because the “miles” they promised were BS.
This article is sensationalist nonsense. If 100x improvement of a bruteforce attack suddenly makes this a practical attack, then WPA PSK was never secure to begin with.
… to say nothing of the fact that the article makes no mention of EAP.
Wep/wpa have been crackable for a while. This is nothing new
Wpa2 is still very secure and hasn’t been cracked with the use of any semi complex password
the original aritcle mentions WPA/2… both…
Forgive me if my math is wrong, but let me toss this out there
So if a regular WPA takes 60 days to hack, it’s 1440 hours.
if you increase speed to 100% its 720 hours
if you increase speed to 1000% its 14.4 hours
if you increase speed to 10000% its 1.44 hours
Based on that, since you didn’t use any number in your “HotNippleChopps” I can reduce the time spent hacking by 10/36th, which brings me 1.04 hours.
Happy Hacking