Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud
Table of contents
- 1. How Secure Is Your Wireless Network?
- 2. Test Setup
- 3. Network Security: The First Line Of Defense
- 4. WEP Is Dead, Haven't You Heard?
- 5. Understanding WPA/WPA2: Hashes, Salting, And Transformations
Is your network safe? Almost all of us prefer the convenience of Wi-Fi over the hassle of a wired connection. But what does that mean for security? Our tests tell the whole story. We go from password cracking on the desktop to hacking in the cloud.
We hear about security breaches with such increasing frequency that it's easy to assume the security world is losing its battle to protect our privacy. The idea that our information is safe is what enables so many online products and services; without it, life online would be so very different than it is today. And yet, there are plenty of examples where someone (or a group of someones) circumvents the security that even large companies put in place, compromising our identities and shaking our confidence to the core.
Understandably, then, we're interested in security, and how our behaviours and hardware can help improve it. It's not just the headache of replacing a credit card or choosing a new password when a breach happens that irks us. Rather, it's that feeling of violation when you log into your banking account and discover that someone spent funds out of it all day.
In Harden Up: Can We Break Your Password With Our GPUs?, we took a look at archive security and identified the potential weaknesses of encrypted data on your hard drive. Although the data was useful (and indeed served to scare plenty of people who were previously using insufficient protection on files they really thought were secure), that story was admittedly limited in scope. Most of us don't encrypt the data that we hold dear.
At the same time, most of us are vulnerable in other ways. For example, we don't run on LAN-only networks. We're generally connected to the Internet, and for many enthusiasts, that connectivity is extended wirelessly through our homes and businesses. They say a chain is only as strong as its weakest link. In many cases, that weak link is the password protecting your wireless network.
There is plenty of information online about wireless security. Sorting through it all can be overwhelming. The purpose of this piece is to provide clarification, and then apply our lab's collection of hardware to the task of testing wireless security's strength. We start by breaking WEP and end with distributed WPA cracking in the cloud. By the end, you'll have a much better idea of how secure your Wi-Fi network really is.

I'm currently living in shared accommodation where wireless internet is included in the rent.
Not long after I moved in, we had an incident where we believed an outsider had cracked our WPA-protected Wi-Fi (possible, it's just 2 dictionary words stuck together).
After this, the landlord decided that he'd prevent this from ever happening again. So he changed the Wi-Fi security policy to be a whitelist of MAC addresses. Short of the bad guys physically gaining access to the router, then cracking its administrator password, we are 100% secure now.
Unless, of course, he already purloined that information from you when he cracked it and then clones it when brute-forcing your router password, which is probably "Admin" 1234 or similar.
There is no such thing as 100% secure. Surely reading this you should understand that. Why so smug?
So hardly worth doing then? Perhaps you didn't look up the meaning of "infinitesimally"?
What americanbrian said. Also, it's a very simple task to spoof a MAC address in Windows, and even simpler in Linux. And you can "see" the MAC addresses of users connected to a certain Wi-Fi access point just by sitting nearby with airodump-ng. Your landlord has in fact implemented a useless "increase" in security that does nothing, when in fact - as you can see from this article - all you have to do is replace your WPA password with a much longer one full of random characters.
I always put a MAC whitelist in place, but as others said, it's just an additional step the hacker has to perform. Just as disabling DHCP to make the intruder use a packet sniffer to find the subnet, or even disabling SSID broadcast. Those are only basic things you can use to spice it up.
The most effective ones are using the article's advice to create a strong password, RADIUS, a decoy AP, and limiting range.
Even with WEP being mangled and broken in a few seconds, some countries use a "white picket fence" policy: if that 3-foot fence is shut, with the simplest of locks, you are not supposed to trespass, no matter how trivial it is to do so. Hence, you can sue any trespasser. Not that your wireless network is secure, but you can always sue.
Now, for passwords, you can "salt" your choices of passwords too: use dice. Those D20 RPG dice are even better. Combine a D20 with a coin toss and you can relate all 26 letters of the alphabet (well, you can go the ASCII table way as well) and you can choose a truly random password. If you lack the imagination, dumb it down to truly random events.
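The D20-plus-coin scheme from the comment above, worked through as an added example (not code from the article or the commenter): a D20 and a coin give 40 equally likely outcomes, so outcomes beyond the 26 letters must be re-rolled rather than folded back with a modulo, or some letters become twice as likely. The physical dice are simulated with the `secrets` module, and the 100,000-word dictionary used for the entropy comparison is an assumed figure.

```python
import math
import secrets
import string

# The comment's scheme: one D20 roll plus one coin toss selects one letter.
ALPHABET = string.ascii_lowercase          # 26 letters, as in the comment


def roll_d20_and_coin(rng=secrets.randbelow):
    """Simulate one D20 roll (1..20) and one coin toss (0 = heads, 1 = tails).

    rng(n) must return a uniform integer in 0..n-1; the default is the
    OS-backed CSPRNG, standing in for the physical dice."""
    return rng(20) + 1, rng(2)


def outcome_to_letter(d20, coin):
    """Map a (D20, coin) pair to one of 40 outcomes, then to a letter.

    Outcomes 26..39 carry no letter and return None so the caller re-rolls.
    Using idx % 26 instead would make a..n twice as likely as o..z."""
    idx = (d20 - 1) + 20 * coin
    return ALPHABET[idx] if idx < len(ALPHABET) else None


def dice_passphrase(length, rng=secrets.randbelow):
    """Build a WPA2-PSK passphrase of `length` letters (WPA allows 8..63)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 ASCII characters")
    letters = []
    while len(letters) < length:
        letter = outcome_to_letter(*roll_d20_and_coin(rng))
        if letter is not None:          # reject the 14 unmapped outcomes
            letters.append(letter)
    return "".join(letters)


def entropy_bits(symbol_count, length):
    """Entropy of `length` independent uniform picks from `symbol_count` symbols."""
    return length * math.log2(symbol_count)


if __name__ == "__main__":
    # Two words from an assumed 100,000-word dictionary vs. 20 dice-rolled letters.
    print("two dictionary words:", round(entropy_bits(100_000, 2), 1), "bits")
    print("20 dice letters:     ", round(entropy_bits(26, 20), 1), "bits")
    print("example passphrase:  ", dice_passphrase(20))
```

Note the comparison: two concatenated dictionary words give roughly 33 bits, while 20 uniformly chosen letters give about 94 bits, which is the gap the article's "longer, random" advice is about.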
MAC address whitelisting is a BAD idea. My router comes with MAC address spoofing, explicitly to emulate any MAC address the ISPs may register as mandatory (usually in your PC's NIC), so you can share your bandwidth at home. How illegal it is to MAC-lock or to spoof it is up to you. Not to mention you having to tell them when you are upgrading your NIC or your motherboard...
Disabling DHCP can disrupt some LAN-enabled phones (and other gadgets), just as bad as not providing the SSID name on broadcast. Your mileage may vary.
Those are valid points. Anyone going this way may as well know what they're doing. You only implement the solution if it fits your needs.