Cloud based computing can have a serious impact on the time it takes to perform calculations. We have seen join efforts in the past to use cloud computing in research. But research is not the only area that benefits from the processing power of the cloud.
WPA Cracker is an online service that offers to run a 140 million word dictionary against a WPA handshake that is submitted by the customer. The service is powered by a cluster of 400 CPUs that can perform the brute force attack in a matter of minutes compared to the days it would take otherwise.
The price of the service depends on the the utilization of the cpu cluster. Full utilization comes at $34 which will process the 135 million words in about 20 minutes. The other option is half utilization which will cost half the price but take twice as long as only half of the servers are used in the attack.
This opens up a can of worms as it is now possible to crack passwords in a very short time.
As Dante who tipped us puts it “This is especially good for free wi-fi locations. You can use this to easily set up a man-in-the-middle attack and intercept everyone’s Internet communications. Makes for a great retirement plan – there are always idiots out there who do their finances/purchases in public locations like cafes, hotels, airports, et al.)”.
The service works even for WPA2 if PSK is being used:
Actually, while WPA2 introduced CCMP mode as a replacement for the problematic TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still vulnerable to dictionary attacks. Our service works against both WPA and WPA2 when PSK is being used.
Disclaimer: Please note that it is illegal to hack someone else’s wireless network. This article merely reports about the new possibility but does not encourage the use of the service for illegal activities (although it likely will be used for that as well).
