By Robert Vamosi
Using Amazon’s cloud-based servers, a German researcher claims he can crack your WPA-PSK wireless network encryption in 20 minutes or less.
The risk is real, but you can take steps to protect yourself.
Cloud-based computing gives hackers new tools
At this year’s Black Hat conference in Washington, D.C. (2011), German security researcher Thomas Roth showed attendees software he developed that exposes home-network passwords or passphrases in minutes, not with some clever hack of a new vulnerability but by using common commercial Web services. In other words, he was hacking in the cloud.
His point? The cost of using commercial Web services, such as Amazon Web Services (AWS), has dropped dramatically. And that makes these powerful computing platforms cheap tools for cyber crooks as well as for legitimate users.
In a Sept. 23 In the Wild story, “Home-router vulnerability revealed at Black Hat,” I described how flaws within router firmware could allow a remote hacker access to your home network. Roth’s method doesn’t use the DNS vulnerability explained in that story. He takes a completely different tack — simply guessing the passphrase that keeps unauthorized users out of your network.
Actually, it’s a fairly sophisticated form of guessing. It’s not just using the list of the most commonly used passwords, for example — a list revealed by a recent Gawker break-in (detailed in Woody Leonhard’s Dec. 23 story, “Check whether you’ve been Gawkered — now!”). Using cloud services, Roth’s software cracks a network by trying 400,000 passphrases per second.