Wifi turvakodeeringu WPA-PSK murdmiseks läheb tavaarvutiga nädalaid või kuid, ent turvaaukude uurija Thomas Roth demonstreeris, kui lihtne on seda häkkida Amazoni võimsate pilveraalidega. Ta kirjutas programmi, pani pilves käima ja murdis krüpteeringu 20 minutiga. See näitab, et jõuga häkkimiseks ei lähe enam vaja hirmkallist riistvara, sest serveri rent läks maksma ainult 3,6 naela (4,3 eurot).
__________________________________________________________
AN INSECURITY RESEARCHER reckons he can hack wireless networks using Amazon's cloud servers that anyone can lease on the Internet.
The insecurity researcher, Thomas Roth said he has broken WPA-PSK wireless encryption using Amazon's powerful cloud-based systems. Roth claimed he wrote a little program on Amazon's servers that churned over 400,000 potential passwords per second. That gave him access to passwords on secure wireless networks that use the latest wireless encryption technology.
Individuals wouldn't normally have the time or resources to do the hack. It takes a lot of computing power that most punters can't afford. But why buy all that expensive computing hardware when you can pop along to Amazon to rent its powerful cloud servers?
For 18 pence per minute, Roth had access to serious number crunching hardware and got hacks that would probably have taken him weeks or months to achieve using a home PC. In fact, it took Roth just 20 minutes of computer time and he said he has already written an even faster programme.
Amazon's excuse is that its server rental service is normally reserved for corporates or programmers rather than individuals. Amazon spokesperson Drew Herdener also told Reuters that the hack breached the company's policy.
"Testing is an excellent use of AWS, however, it is a violation of our acceptable use policy to use our services to compromise the security of a network without authorisation," he said.
Who needs updated encryption when we have policy violations to stop hackers from turning over shoddy security measures?
"People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so," Roth said. "But it is easy to brute force them."
Roth plans to teach people how to use his "brute force" method at the Black Hat conference in the US later this month.
Read more: http://www.theinquirer.net/inquirer/news/1935894/wireless-encryption-hacked-amazons-cloud#ixzz1Cn3t4Xah
Kommentaare ei ole:
Postita kommentaar