How Amazon EC2 Used to Crack Password Wireless Networks

A security researcher will reveal at Black Hat DC how he deployed password-testing software on Amazon EC2 to break into a secured wireless network using WPA-PSK.

Specialized software running over Amazon’s cloud services can be used to crack passwords on wireless networks, said a German security researcher on Jan. 7.

Thomas Roth, a security and software engineering consultant at Lanworks AG, in Cologne, Germany, will be publicizing his research at the Black Hat conference in Washington, D.C., Jan. 16-17.

According to Reuters, the password-cracking software on Amazon’s servers took about 20 minutes of processing time to break into a WPA-PSK protected wireless network in Roth’s neighborhood. Since then, he has updated the tool to cut down processing time to 6 minutes.

WPA-PSK scrambles data flowing on wireless networks using a single password. Once the intruder figures out the password, the network is wide open. The most commonly used encryption for wireless networks, WPA-PSK, can be cracked if the attacker has enough powerful computers testing password combinations, said Roth.

His password-cracking software employs a “brute force” attack, where passwords are deciphered by successively varying combinations of numbers and digits. Weak passwords that are “too short and simple” are particularly vulnerable to this kind of technique, Roth told eWEEK.

Roth’s password-cracking software can test 400,000 potential passwords per second using Amazon’s cloud clusters, according to Reuters.

Anyone can lease computers on Amazon Web Services or Elastic Computing Cloud, which is an inexpensive way to obtain the required processing power. Amazon charged 28 cents a minute for the computers Roth deployed in his research.

Roth will discuss his research at Black Hat later this month to convince network administrators that WPA-PSK is not strong enough to keep out intruders and that they should be using stronger encryption algorithms.

Herdener also noted that Roth’s research isn’t “predicated” on using Amazon EC and can be used on any cloud service. There is ample evidence that criminals can lease botnets very cheaply as well.

This isn’t the first time Roth has used Amazon’s cloud services to prove that inexpensive cloud computing services make it easier and faster for hackers to crack encryptions and passwords. Using a cluster he rented from Amazon for $2.10 per hour, he was able to break the SHA1 encryption algorithm to decipher 14 passwords in 49 minutes in November.

Amazon is “providing a pretty comfortable and large-scale password-cracking facility for everybody,” Roth said.