
Archive for the ‘Wireless LAN’ Category

Debunking peer to peer mesh networks

August 14th, 2009 George Ou 4 comments

I’ve debunked the myth that wireless mesh networks are practical before, but the same nonsense came up at the FCC wireless technology workshop and the testimony from the New America Foundation’s Sascha Meinrath went unchallenged. I’ve taken the time to thoroughly debunk this myth once again, along with a detailed explanation of why mesh doesn’t work.


Debunking the latest fear mongering news on WPA security

October 13th, 2008 George Ou 5 comments

For most of this decade, I have worked tirelessly to educate the public and IT on the issue of wireless network security.  I’ve debunked all the wireless LAN security myths, published a comprehensive guide to wireless LAN security, clarified the difference between link-layer and VPN wireless security, and alerted IT managers to the real threats against enterprise wireless LANs.  Today I’m going to wear my myth busters hat again and alert you to the latest bunk news on the latest WPA cracking method and the irrelevant fear mongering “experts” that are pitching new VPN deployments to replace existing wireless LAN security solutions.

So what really happened?
Russian software company ElcomSoft has created a new brute-force password cracking solution that leverages general-purpose computing on graphics processing units (GPGPU) to speed up hash computations by a factor of 100. More specifically, they’re using NVIDIA’s Compute Unified Device Architecture (CUDA) compiler to generate software that runs on NVIDIA GPUs. In simpler terms, ElcomSoft is using cheap off-the-shelf gaming graphics cards to reduce the time it takes to crack passwords.


Note: NVIDIA CUDA is also useful to the scientific community for high performance computing and it can be used to improve video encoding and Photoshop performance dramatically.

What does this mean?
It means any authentication system that relies on password complexity is now 100 times weaker. So if a user’s password normally takes 100 million years to crack, now it “only” takes 1 million years to crack. If your password only took 100 hours to crack, now it takes 1 hour to crack using this new software coupled with some high-performance NVIDIA gaming graphics cards.

Who does this affect?
This is NOT a Wi-Fi Protected Access (WPA) specific attack; it’s for any authentication scheme that relies on PSK or password complexity, which affects many VPN solutions as well. If anything, WPA probably has one of the more resilient PSK schemes in use because it was deliberately designed with 100 rounds of SHA-1 hashing to make brute-force attacks much more expensive. This affects some VPN and some WPA wireless security implementations.

It generally affects home users who use the home implementation of WPA, which uses pre-shared keys (PSKs), and a PSK is just a longer password. Some businesses also use WPA in PSK mode, so they’re affected too. Some VPN authentication mechanisms, like PPTP VPN and some IPsec VPN implementations that rely on passwords or PSKs, are also at higher risk.

It has zero effect on enterprise-mode WPA deployments, which use TLS-protected authentication such as PEAP or EAP-TLS. Internal LAN authentication schemes such as NTLM and LDAP are also significantly weakened. SSL authentication schemes are not vulnerable to this particular attack.

What should the affected do?
If you haven’t already done so, make sure you’re using a long enough and random enough password for your PSK. That means you don’t use something out of the dictionary, some variation of a dictionary word, or anything else that might be guessed by brute force. My previous minimum recommendation was 10 random alphanumeric characters, which would have taken about 579 thousand years for a single computer to crack. With the new cracking software, it takes a single computer with a high-performance gaming graphics card about 5793 years to crack. With 1000 GPU-armed computers, we can cut that time down to 5.79 years, but no rational attacker is going to use this method to go after a residential target or even business targets. There are much easier, cheaper, and faster ways of breaking into a network. If you want to neutralize the new GPGPU threat to passwords, simply add 2 random alphanumeric characters to your PSK.

Should you switch to VPN wireless security?
First of all, this new crack does not affect most businesses, since they should generally be avoiding any authentication scheme that relies on password complexity. Second, read my article on the difference between link-layer and VPN and you’ll understand that VPN has never been the right solution for wireless LAN security. Ignore the “experts” and companies that are trying to sell you new solutions that were never relevant to begin with, and use some common sense. Enterprises should be more concerned with the real threats against enterprise wireless LANs.

Update: Looks like Robert Graham independently came to the same conclusions in his blog that this is bunk. He also points out that this only goes 100 times faster with $1000 worth of graphics cards and that FPGA solutions are more feasible. I do doubt the feasibility of using large-scale distributed computing, because such an effort can only target a single wireless LAN at any given time: pre-computed tables only work for one unique SSID, since the SSID is used as a salt in WPA PSK. There are always far cheaper and faster methods than brute force for breaking into any system.


The iPhone wireless LAN ownage in a box

August 7th, 2008 George Ou 11 comments

In May, Erratasec founder and researcher David Maynor sent out these pictures to a small security list, beaming with joy as if to show off his new baby. He asked us to guess what it’s for and a number of us made some educated guesses. He then tipped us off that the battery on the bottom of the box would run for 5 days and that it was intended to be shipped to a nonexistent person. Well, those were all the clues I needed to solve the riddle of the iPhone in a shipping box.

Basically, the iPhone is a mini Apple computer running a stripped-down, specialized version of Mac OS X, which is based on UNIX. This allows David to install a set of passive or active wireless reconnaissance or penetration tools on the unlocked iPhone and run it for 5 days on an extended battery. When the box is shipped to a nonexistent person at a company, organization, or government institution, the box will sit in the shipping and receiving area without an owner to claim it until it gets returned to the original shipper, which might be some anonymous PO box. Because the iPhone is well within range of the wireless network, it can be remotely controlled via the iPhone’s AT&T wireless mobile pre-3G data service.

Traditionally, the wireless hacker must physically sit near a site in a car or building with a high-powered directional antenna aimed at the target site. Having the iPhone in a box inside the building makes this completely unnecessary, which saves on travel and reduces the risk of being caught on site. Discovering the device in passive mode is practically impossible because wireless intrusion detection systems are incapable of analyzing wireless mobile data services. This is the ultimate remote wireless hacking tool, which could be used for ethical penetration testing or for criminal purposes, and this is the subject of David Maynor’s presentation at DEFCON 16 tomorrow in Las Vegas.

It’s going to be interesting to see what the state of development is, and I’m eager to get an update on whether FreeRADIUS-WPE, the ultimate enterprise wireless penetration tool (MUST READ for security professionals), has been implemented yet. I’m hoping this will raise awareness that many enterprise wireless LANs have not been properly secured and that Microsoft needs to fix their wireless client so that it is less susceptible to these attacks.

Developing …

Free hotspot from Apple and AT&T? How about free hotspot anywhere!

May 2nd, 2008 George Ou 12 comments

Nathan McFeters has an interesting post (original story from MacRumors) on how Apple and AT&T are using a simple HTTP header from the iPhone as a form of access control to grant Apple iPhones free hotspot service. It doesn’t take much to figure out how to spoof that HTTP header from any computer, which would allow anyone to quickly gain free Wi-Fi service.

But I thought about it for a second and thought, hey, it’s no worse than MAC filtering, which is universally used at every for-fee hotspot. The right sniffer and the right script can quickly change your MAC address to one that’s already logged in from some other user who already paid to gain access. Just find a user on one end of the terminal, get the MAC address, then go to the other end where you’re waiting for your airplane so that your MAC addresses aren’t conflicting with each other on the same access point.

Sigh, I was talking about how to secure a for-fee hotspot with 802.1X more than three years ago, but I haven’t seen any takers yet. I also advocated an anonymous secure hotspot more than a year ago. If you don’t think this is a big deal, read this on sidejacking and read how even SSL doesn’t necessarily solve the problem. Heck, I’m in the process of converting www.ForMortals.com to auto-redirect everything to HTTPS SSL mode.
