Amazon servers used to crack Wi-Fi passwords

Security expert Thomas Roth has used Amazon’s EC2 cloud computing service to break the Wi-Fi protected access (WPA) encryption method often used to store Wi-Fi passwords. Roth took advantage of Amazon’s new graphics processing unit (GPU) clusters to crack his neighbour’s network in 20 minutes, and now says an updated version of his software could do the job in 6.

WPA stores passwords using an algorithm known as SHA-1, which has already been shown to be insecure, but Roth didn’t actually exploit this kind of insecurity. Instead, he brute-forced the algorithm by running through around 400,000 passwords per second in an attempt to find the correct password – and he plans to increase the speed to 1 million passwords per second.

Roth says that GPUs are hundreds of times faster than standard quad-core central processing units (CPUs) when it comes to cracking SHA-1, and Amazon provides a cluster of these processors for $2.10 per hour, allowing Roth to break into a Wi-Fi network for a theoretical cost of just 21 cents per password – though the cost is likely to be higher as Amazon charges per complete hour. He plans to release the tool he used at the Black Hat hacker conference in Washington DC next week.

While Roth’s work suggests that Wi-Fi networks are now at risk, he has so far only tested the techniques on passwords up to six characters in length. People who use WPA to protect their Wi-Fi are advised to use a minimum password length of eight characters – passwords can be anything up to 63 characters long. Each additional character makes a password roughly 100 times stronger, so the system is still very secure if used correctly.

Protecting your network with WPA isn’t even strictly necessary, as modern Wi-Fi devices can also use the higher-security WPA2, which employs a more advanced algorithm than SHA-1, though older devices are unsupported. In other words, your network is still pretty safe.

What’s more interesting is Roth’s use of Amazon’s cloud service. Cracking WPA in the cloud has been done before - WPACracker offers to find a WPA password in under 20 minutes at a cost of $35 – but Amazon’s computing power allows the job to be done much faster and cheaper. Amazon spokesman Drew Herdener told Reuters that using Roth’s technique on the company’s servers would be a violation of its acceptable use policy, but it has so far taken no action against him.

Now that Roth has demonstrated how people can easily and cheaply command the power of a small supercomputer, should Amazon be actively policing the use of its services? And did it ever anticipate that selling spare server capacity could lead to these kinds of applications? The company recently decided to stop hosting WikiLeaks on its servers due to terms-of-service violations, leading to unsuccessful retaliation by the internet activists Anonymous.

Could cracking down on hackers lead to further action against the not-so-humble bookseller?

An Amazon spokesperson said: ‘It is a violation of our acceptable use policy to use our services to compromise the security of a network without authorisation.’

Advertisement