Feeds

Turbo-charged wireless hacks threaten networks

Graphics cards encryption skulduggery

Combat fraud and increase customer satisfaction

The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response.

Russian firm ElcomSoft has applied GPU acceleration technology to its password recovery tool to allow PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs.

By running the same software on a desktop with two or more NVIDIA GTX 280 boards installed, this figure increases to a factor of 100.

We've known for years that the previous generation of wireless encryption, WEP, was vulnerable to brute force attack. The infamous compromise of TJX, which resulted in the compromise of at least 45.7m credit card records, has been traced back to a hack in a weak security retail network with older point of sale terminals running WEP.

Elcomsoft advance makes WPA and WPA2 encryption open to attack. In fact, the software is specifically designed to support "passport recovery" on Wi-Fi networks running either WPA or the newer WPA2 encryption.

The software needs to intercept only a few packets in order to perform a brute force attack, where a huge number of possible passwords are tried in an attempt to stumble upon the correct code. ElcomSoft positions the tool as a means of auditing corporate Wi-Fi networks for inappropriately weak passwords.

The firm is also marketing its technology to forensic and government agencies, as well as data and password recovery services.

The raw horsepower of graphics chips, normally used as 3D graphic accelerators by gamers, can also be applied for a variety of other number-crunching password-breaking uses beyond uncovering WiFi passwords. Elcomsoft Distributed Password Recovery can also be used to recover Windows startup passwords, crack MD5 hashes, and unlock password-protected documents created by Microsoft Office or PDF files created by Adobe Acrobat, according to ElcomSoft.

More about Elcomsoft's tool can be found here.

Security agencies have demonstrated the use of plasma TV components in password cracking. High performance FPGA (Field Programmable Gate Array) chips were applied to crack standard GSM transmissions in as little as 30 seconds, during a demonstration by security researchers Steve Mueller and David Hulton at Black Hat in Washington back in February.

Although government agencies have probably applied similar approaches for some time the programming of FPGA is a tricky process, involving getting to grips with a specialist hardware programming language. Elcomsoft's approach by contrast relies on off-the-shelf software and readily available components.

Security consultancy Global Secure Systems said that the development means Wi-Fi networks - even those running the latest encryption algorithm - can no longer be considered to be secure.

"This breakthrough in brute force decryption of Wi-Fi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data," said GSS managing director David Hobson. "As a result, we now advise clients using Wi-Fi in their offices to move on up to a VPN encryption system as well.

"Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is worrying."

Hobson added that the development could spur a step back from wireless to wired network connection in sensitive installation, such as financial services organisations, particularly concerned about data privacy. ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.