Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Russians start selling Wi-Fi encryption cracker

Even simple WPA passwords are at risk, they claim.

Article comments

The Russian security company that caused a stir some months by talking up its cracking tool for recovering Wi-Fi encryption keys, has started selling its software to all-comers in a specially packaged product.

Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that bit length.

Elcomsoft claims that Wireless Security Auditor 1.0 can perform the same function by capturing traffic from a Wi-Fi connection using a separate packet sniffer, processing the data through up to four high-end graphics cards in order to retrieve the password in a fraction of that time.

Although the software technique behind the software has been around for months, it now has a price - £599 for UK users.

The software supports hardware from either of the leading companies in the field, Nvidia and ATI, specifically the super-fast GeForce 8, 9, and 200, as well as ATI's Radeon HD 3000, with a minimum of 256MB of dedicated onboard RAM, on any version of Windows. The extra processing power simply speeds up the basic dictionary attack method of such software, cycling through combinations at a faster rate.

The company stops short of specifying a time to retrieve a complex password of 8 characters - the minimum allowed by WPA - but admins might infer from running the tool for any length of time that their passwords are at least secure to a minimum standard. Longer passwords, even quite simple ones, would almost certainly be beyond this tool, but therein lies the auditing usefulness of the tool.

One obvious concern is the illegal use of the tool to actually hack Wi-Fi networks, not just ‘test' them.

"Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text," says the company release, confirming the tool is designed to be used with invisible sniffers.

A disclaimer on the website makes this issue more explicit.

"The program that is licensed to you is absolutely legal and you can use it provided that you are the legal owner of all files or data you are going to recover through the use of our software or have permission from the legitimate owner to perform these acts. Any illegal use of our software will be solely your responsibility. Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden."

The answer is to make sure that the risibly weak WEP (wired equivalency protocol) encryption is not being used by Wi-Fi access points, and that WPA passphrases are more than 8 characters, preferably grown-up randomly-generated hashes created by dedicated tools. Hash generation tools typically exceed 20 characters. Admins should consider themselves warned.



Share:

More from Techworld

More relevant IT news

Comments

Guest said: Theres a newer better tool on the torrents nowdays - it uses a combination of sniffing and active wifi probes to hack anyones password form a regular PC

John said: Whats so hard about WPA passwords i use an easily remembered phrase like NowistheTimeforallGoodMen not a real one This makes it fairly easy to remember and difficult to crack

Andy BJ Low said: Why would anyone ever want to recover a WiFi password If you forget it just stuff a sharp pointy thing up the access point and think of a new one Then tell the lusers its policy to change the key at random times

Dante said: I wander when this will appear in the torrent sites No honor amongst thieves and all the



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *