How to Protect your Home and Business Wireless Network from Hackers

If you keep a tab on recent tech news then one news which is buzzing right now is “How Cloud Computing is Used to Hack Wireless Passwords”.

Here is the brief summary of the said news:

German security researcher Thomas Roth has found an innovative use for cloud computing. The innovative use is cracking wireless networks that rely on pre-shared key passphrases, such as those found in homes and smaller businesses. Roth has created a program that runs on Amazon's Elastic Cloud Computing (EC2) system. It uses the massive computing power of EC2 to run through 400,000 possible passwords per second, a staggering amount, seldom known of outside supercomputing circles--and very likely made possible because EC2 now allows graphics processing units (GPUs) to be used for computational tasks. Among other things, these are particularly suited to password cracking tasks.

But how Roth manages to hack wireless network passwords found at homes and smaller businesses is not in essence very clever. It’s brute force to get in. Roth has actually created software that merely generates millions of passphrases, encrypts them, and sees if they allow access to the network. It’s just like a burglar, having thousands of keys of all kinds and trying them to see which one opens a pad lock (not clever for obvious reasons).

But, here comes the clever use of resources available, by the researcher (yes we can still call the expert’s work clever). To try millions of passphrases generated, Roth uses his software supported by Amazon’s Cloud computing. In short, the expert successfully manages to marry the speed of Cloud computing with his software to get in. NOTE: Any data you request while online, like opening a website or using Facebook comes from Big servers called clouds, and as they render to millions of users every second, just like Facebook does, they are lightening fast.

How much time and money is required to hack a password:

As said the expert is clever in employing the theoretically infinite resources of cloud computing to hack a password, when one compares the achievement with the price of computers that are able to run such a crack. Such powerful computers cost tens of thousands of dollars, but Roth claims that a typical wireless password can be guessed by Amazon EC2 (cloud service) and his software in about 6 minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to lay open a wireless network.

Very Fast and costing pennies indeed.

Things to do to protect your Home or Business Wireless Network from Hackers

Roth’s application of cloud computing to hack wireless networks in his neighborhood proves that Home and smaller businesses wireless networks are not safe, until some steps are taken to make them secure. Here are things you should do to protect your Home or business Wireless network from getting hacked:

1) Don’t use Pre-shared Key Phrases as password: Roth's intention is just to show that wireless computing that relies on the pre-shared key (WPA-PSK) system for protection is fundamentally insecure. The WPA-PSK system is typically used by home users and smaller businesses, which lack the resources to invest in the more secure but complicated 802.1 X authentication server systems. In simple words, do not use the phrases randomly generated by your wireless service provider. You should prevent yourself from doing so, as the phrases most of the times come from the provider’s database, so if someone like Roth gets his hands on those phrases, he can easily hack the password. So even though the passphrase provided to you can have up to 63 characters (or 64 hexadecimal digits) it’s insecure. As the simple premise that no one has the computing power needed to run through all the possibilities of passphrases is shattered by Roth’s application. Prior to Roth’s hack, that kind of computing power exists right now, at least for weak passwords, and is not even prohibitively inexpensive.

2) Try to choose a theoretically uncrackable password:

To accomplish this trying doing all these things for the new password:

a) First check whether your network relies on WPA-PSK and check that passphrase
b) Try to incorporate more than 20 characters in the new password
c) Include a good variety of symbols, letters and numbers
d) Change the password regularly--monthly, if not weekly
e) Don't use words you might find in a dictionary, or any words that are constructed cunningly by replacing letters with numbers (that is, passwords like "n1c3"); hackers are way ahead of you on such "substitution" tricks.

Passphrases constructed like this are effectively impossible for computers to guess by brute force, even by cloud computing systems running Roth's software, due to the amount of time it would take. --------

No comments