• Germany's news in English

Hacker cracks W-LAN password in 20 mins using Amazon cloud

The Local · 16 Jan 2011, 13:43

Published: 16 Jan 2011 13:43 GMT+01:00

Facebook Twitter Google+ reddit

Thomas Roth, described in Der Spiegel magazine as an IT security expert, will report on his experiment at next week’s Black Hat DC 2011 hacker conference in Washington.

The holder of a W-LAN password can not only spy on the network’s user, but also use the account to secretly start attacks on other servers, or initiate illegal downloads.

The cloud computing systems run not only by Amazon but also Google and Microsoft effectively rent out computing power. For companies which occasionally need such capacity, the idea is attractive as it saves them from having to invest in powerful computing systems of their own.

The amount of computer power in ‘the cloud’ has grown to enormous proportions – and prices have thus fallen, to between $1 and $2 an hour for the use of a very fast computer.

Roth said he easily used this power to show how a W-LAN password could be cracked.

There is already a service called WPACracker which uses 400 computers in the Amazon cloud at the same time to elicit passwords. Roth said he did not even need to use this – rather, he rented the power of a cluster GPU Instance – a group of four extremely fast computer processors.

This took just 20 minutes to crack the WPA password of his neighbour, who had agreed to the experiment. An improvement in the software could reduce this time to around six minutes, he said – which would cost less than $2.

The software tried 70 million words from a dictionary one after another, in a ‘brute force’ attack to find the password.

The WPA password security system is one of the newest, although it has been superseded by the WPA2 system in the newest WLAN systems.

However, the longer the password, the safer it is – and WPA allows up to 63 letters and numbers to be used. The best idea is to use at least 20 figures, without any recognisable words, but using capital as well as small letters as well as numbers and other signs.

Roth said he will publish his software on the internet – not to enable criminals to use it, but to sensitise people to the security issues.

Story continues below…

“People tell me it is not possible to crack WPA,” he told Reuters newswire. “And if it were possible, they say it would cost a fortune.” But he said it is actually relatively easy.

Amazon said researchers would often use its system in order to show how security systems can be improved. But the firm said it would be an infringement of its conditions of use to compromise the security of a network.

The Local/hc

The Local (news@thelocal.de)

Facebook Twitter Google+ reddit

Your comments about this article

14:03 January 16, 2011 by CaSimone
Uhm??? With all respect, & I know this is suckage, but anyone, can crack into certain applications when someone is on a wireless... below is a must read for anyone on a wireless network with a relatively new "hacker" program called Firesheep;


I have always stuck to cable, wireless has always had issues with not being secure, & now anyone can crack into it Not just Amazon Cloud users.
19:34 January 16, 2011 by 1FCK_1FCK
Do people still use the old WAP? This is like news stating that someone has managed to open a dead bolt lock. Brute force can crack any password given enough time. The only thing this demonstrates is that the amount of time necessary isn't very long anymore.

And there are easier ways to crack your wireless network. All you need is to access the stream of info circling around in the network, and look for the unencrypted password floating around in the data dump. Takes some patience, but so long as you record the dump you just have to look through it at your convenience.

And yes, your wireless network could be broken into, but what are the chances, and then what real damage could they do? Yes, someone could access kiddie porn in your name but, again, what are the odds? The fact that someone can crack a password has no relation to the odds that actual damage will be done.

In 2006 when I was in Hamburg for the WM, I sat downtown & had access to a large number of unencrypted networks. I don't recall any news stories telling us about the awful things that were done by hackers using these networks. Again, the odds that real damage will be done are minimal. Hackers who want to do serious damage don't need to use someone's wifi network. For instance, the recent DDOS attacks by the hacking group "Anonymous" did not occur via someone's wifi network.
09:36 January 17, 2011 by catjones
If a hacker takes the time to crack a password, he'd better take even more time to pick the right victim. Having access to my bank account won't make anyone rich and credit card transactions can be reversed. For most of us a hack is like graffiti...vandalism. It takes effort to clean up. But when governments hack (America+Israel vs. Iran) it's warfare.
13:32 January 17, 2011 by William Thirteen
Firesheep takes advantage of cookies sent through unencrypted HTTP on public WiFi networks such as those found at Starbucks etc. The quickest fix is to use HTTPS instead. Users of Firefox should search for the extension HTTPS Everywhere for help with this.

i think the point of interest here is the leveraging of cloud based computing resources to do the grunt work. other than that the usual instructions apply - the longer your complex password string is, the harderit is to crack.

sometimes size does matter!
09:07 January 18, 2011 by CaSimone
I have not been following the firesheep thing, Didn't realize about the HTTPS everywhere release, thanks.

((Here is link to PC worlds download for anyone reading along.


Still, I hold the same opinion of wireless, outside of casual browsing and such.

I know wireless networks are easier to set up and cost less, but honestly the wiser choice is to stick with cable, bottom line.
15:24 January 19, 2011 by DOZ
What about your Internet Provider. They have access to it all. Remember that all Programmers are potential Hackers. In Canada you are not safe from Cyber Bullies that work for the Providers. Be more affraid of the Providers than some bored Programmer living next door.
05:13 May 4, 2011 by kailash2p
What i think is that people have forgotten the basic principles of life.

If your clothes get too old it is better to throw them and use a new one.

There is no point in keeping your food for a longer period of time unless you have a good storage.

The problem here is that we do not have a proper storage to keep the food in our typical homes.

The bottomline is, change your damn password regularly.

There might be few hackers who want to spend time cracking the password daily.

It doesnt make sense unless they have a software which can crack password within seconds.

However, you might ask what if you forget your new password.

You can always use a password viewer available as free download over the internet ,or you can just reset your network adapter.
Today's headlines
Student fined for spying on women via their webcams
Photo: DPA

Student from Munich fined €1,000 for spying on 32 different computers, using their webcams to take photographs, or record their keyboard history.

This is how much startup geeks earn in Germany
Photo: DPA

A comprehensive new survey of 143 startup founders shows how much you are likely to be earning at a German startup, from entry level all the way up to sitting on the board.

Man dies after beating for peeing near Freiburg church
The Johannes Church in Freiburg. Photo Jörgens Mi/Wikipedia

A middle-aged man from southern Germany has died after being attacked by a group of men who took umbrage with the fact he was urinating in the vicinity of a church.

The Local List
Seven German celebrities with uncanny doppelgängers
Former Berlin mayor Klaus Wowereit and actor Alec Baldwin. Photo: DPA; Gage Skidmore, Wikimedia Commons

Check out these seven look-a-likes of well known German figures - we admit that some are more tenuous than others...

Israel seeks to buy three new German submarines: report
A Dolphin class submarine. Photo: DPA

Israel is seeking to buy three more advanced submarines from Germany at a combined price of €1.2 billion, an Israeli newspaper reported Friday.

Here’s where people live the longest in Germany
Photo: DPA

Germans down south seem to know the secret to a long life.

More Germans identify as LGBT than in rest of Europe
Photo: DPA

The percentage of the German population which identifies as lesbian, gay, bisexual or transgender is higher than anywhere else in Europe, according to a new study.

'Reichsbürger' pair attack police in Saxony-Anhalt
File photo: DPA.

A "Reichsbürger" and his wife attacked police officers on Thursday, just a day after another Reichsbürger fatally shot an officer in Bavaria.

Five things not to miss at the Frankfurt Book Fair
Photo: DPA

From consulting a book doctor to immersing yourself in an author's world with the help of virtual reality, here are five things not to miss at this week's Frankfurt Book Fair, the world's largest publishing event.

Parents who don't get nursery spot for kid entitled to pay
Photo: DPA

The Federal Court of Justice (BGH) ruled on Thursday that parents whose children don't receive placements in nursery care are entitled to compensation.

Sponsored Article
How to vote absentee from abroad in the US elections
10 things you never knew about socialist East Germany
Sponsored Article
Last chance to vote absentee in the US elections
How Germans fell in love with America's favourite squash
How I ditched London for Berlin and became a published author
Sponsored Article
How to vote absentee from abroad in the US elections
12 clever German idioms that'll make you sound like a pro
23 fascinating facts you never knew about Berlin
9 unmissable events to check out in Germany this October
10 things you never knew about German reunification
10 things you're sure to notice after an Oktoberfest visit
Germany's 10 most Instagram-able places
15 pics that prove Germany is absolutely enchanting in autumn
10 German films you have to watch before you die
6 things about Munich that’ll stay with you forever
10 pieces of German slang you'll never learn in class
Ouch! Naked swimmer hospitalized after angler hooks his penis
Six reasons why Berlin is now known as 'the failed city'
15 tell-tale signs you’ll never quite master German
7 American habits that make Germans very, very uncomfortable
Story of a fugitive cow who outwitted police for weeks before capture
Eleven famous Germans with surnames that'll make your sides split
The best ways to get a visa as an American in Germany
jobs available
Toytown Germany
Germany's English-speaking crowd