Hacker to use cloud for brute force WiFi crack

A security researcher claims to have figured out a quick and inexpensive way to break a commonly used form of password protection for wireless networks using powerful computers that anybody can lease from Amazon.com over the Web.

Thomas Roth, a computer security consultant based in Cologne, Germany, says he can hack into protected networks using specialised software that he has written that runs on Amazon's cloud-based computers. It tests 400,000 potential passwords per second using Amazon's high-speed computers.

That leaves businesses as then as home networks prone to attack if they use relatively simple passwords to secure their networks.

Spokesman for Amazon said that Roth's technology

A spokesman for Amazon said that Roth's technology would only violate his company's policies if he were to use Amazon Web Services and its Elastic Compute Cloud computing service to break into a network without permission of its owner.

"Nothing in this researcher's work is predicated on the use of Amazon EC2. As researchers often do, he used EC2 as a tool to show how the security of some network configurations can be improved," said Amazon spokesman Drew Herdener.

Excellent use of AWS

"Testing is an excellent use of AWS, but, it is a violation of our acceptable use policy to use our services to compromise the security of a network without authorisation."

He said he is publicising his innovation in a bid to convince skeptical network administrators that a commonly used method for scrambling data that travels across WiFi network passwords is not strong enough to keep crafty intruders from breaking in to networks.

That encryption method, dubbed WPA-PSK, scrambles data using a single password. If a potential intruder is able to figure out the password, he or she can gain access to computers and other devices on the network.

Roth said that the networks can be broken into if hackers use enough computer power to "brute force" their way into figuring out the passwords that protect networks.

Roth said that he used his software and Amazon's cloud-based computers to break into a WPA-PSK protected network in his neighborhood. It took about 20 minutes of processing time. He has since updated his software to speed its performance and believes he could hack into the same network in about 6 minutes.

Roth said he was not publicising his discovery to encourage crime, now to change a misconception among network administrators: