The latest graphics cards have been used to break Wi-Fi encryption far quicker than was previously possible. Some security consultants are already suggesting the development blows Wi-Fi security out of the water and that corporations ought to apply tighter VPN controls, or abandon wireless networks altogether, in response.
Russian firm ElcomSoft has applied GPU acceleration technology to its password recovery tool to allow PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs.
By running the same software on a desktop with two or more NVIDIA GTX 280 boards installed, this figure increases to a factor of 100.
We've known for years that the previous generation of wireless encryption, WEP, was vulnerable to brute force attack. The infamous compromise of TJX, which resulted in the compromise of at least 45.7m credit card records, has been traced back to a hack in a weak security retail network with older point of sale terminals running WEP.
Elcomsoft advance makes WPA and WPA2 encryption open to attack. In fact, the software is specifically designed to support "passport recovery" on Wi-Fi networks running either WPA or the newer WPA2 encryption.
The software needs to intercept only a few packets in order to perform a brute force attack, where a huge number of possible passwords are tried in an attempt to stumble upon the correct code. ElcomSoft positions the tool as a means of auditing corporate Wi-Fi networks for inappropriately weak passwords.
The firm is also marketing its technology to forensic and government agencies, as well as data and password recovery services.
The raw horsepower of graphics chips, normally used as 3D graphic accelerators by gamers, can also be applied for a variety of other number-crunching password-breaking uses beyond uncovering WiFi passwords. Elcomsoft Distributed Password Recovery can also be used to recover Windows startup passwords, crack MD5 hashes, and unlock password-protected documents created by Microsoft Office or PDF files created by Adobe Acrobat, according to ElcomSoft.
More about Elcomsoft's tool can be found here.
Security agencies have demonstrated the use of plasma TV components in password cracking. High performance FPGA (Field Programmable Gate Array) chips were applied to crack standard GSM transmissions in as little as 30 seconds, during a demonstration by security researchers Steve Mueller and David Hulton at Black Hat in Washington back in February.
Although government agencies have probably applied similar approaches for some time the programming of FPGA is a tricky process, involving getting to grips with a specialist hardware programming language. Elcomsoft's approach by contrast relies on off-the-shelf software and readily available components.
Security consultancy Global Secure Systems said that the development means Wi-Fi networks - even those running the latest encryption algorithm - can no longer be considered to be secure.
"This breakthrough in brute force decryption of Wi-Fi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data," said GSS managing director David Hobson. "As a result, we now advise clients using Wi-Fi in their offices to move on up to a VPN encryption system as well.
"Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is worrying."
Hobson added that the development could spur a step back from wireless to wired network connection in sensitive installation, such as financial services organisations, particularly concerned about data privacy.
By John Leyden