Go Back   AnandTech Forums > Software > Security

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 08-28-2012, 05:05 PM   #1
Chiefcrowe
Diamond Member
 
Chiefcrowe's Avatar
 
Join Date: Sep 2008
Posts: 3,647
Default How I cracked my neighbor's WiFi password without breaking a sweat

http://arstechnica.com/security/2012...easily-cracked
Chiefcrowe is offline   Reply With Quote
Old 08-28-2012, 07:19 PM   #2
weovpac
Golden Member
 
weovpac's Avatar
 
Join Date: Apr 2000
Posts: 1,381
Default

Thanks
weovpac is offline   Reply With Quote
Old 08-28-2012, 07:46 PM   #3
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 25,959
Default

Interesting read, perhaps I should change my WiFi passwords!
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is offline   Reply With Quote
Old 08-29-2012, 09:25 AM   #4
ichy
Diamond Member
 
Join Date: Oct 2006
Posts: 6,932
Default

Interesting. I was expecting it to be yet another article about how WEP is a joke.
__________________
“Our belief is not a belief. Our principles are not a faith. We do not rely soley upon science and reason, because these are necessary rather than sufficient factors, but we distrust anything that contradicts science or outrages reason. We may differ on many things, but what we respect is free inquiry, openmindedness, and the pursuit of ideas for their own sake.”
-Christopher Hitchens
ichy is offline   Reply With Quote
Old 08-30-2012, 01:20 PM   #5
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 25,959
Default

Quote:
Originally Posted by ichy View Post
Interesting. I was expecting it to be yet another article about how WEP is a joke.
Verizon still deploys FIOS installs with a wifi router pre-configured for WEP, with the passcode printed on the bottom of the router.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is offline   Reply With Quote
Old 08-30-2012, 01:38 PM   #6
Chiefcrowe
Diamond Member
 
Chiefcrowe's Avatar
 
Join Date: Sep 2008
Posts: 3,647
Default

The last 2 people I saw with FIOS who just got it recently, had it preconfigured for WPA2, so I think they are finally getting the idea..
Chiefcrowe is offline   Reply With Quote
Old 08-30-2012, 02:07 PM   #7
codyray10
Senior Member
 
codyray10's Avatar
 
Join Date: Apr 2008
Location: Michigan
Posts: 546
Default

Interesting read. Would have been better if he was able to do it using free pcap software as opposed to a $2,500 piece of software
__________________
Antec 900 || AMD FX 6300 @ 4.4ghz || Gigabyte 970A-UD3 || HIS IceQ Radeon 7870GHz Crossfire
codyray10 is offline   Reply With Quote
Old 08-30-2012, 03:47 PM   #8
ichy
Diamond Member
 
Join Date: Oct 2006
Posts: 6,932
Default

Quote:
Originally Posted by VirtualLarry View Post
Verizon still deploys FIOS installs with a wifi router pre-configured for WEP, with the passcode printed on the bottom of the router.
Ha, that must be why I see so many WEP networks in my neighborhood.
__________________
“Our belief is not a belief. Our principles are not a faith. We do not rely soley upon science and reason, because these are necessary rather than sufficient factors, but we distrust anything that contradicts science or outrages reason. We may differ on many things, but what we respect is free inquiry, openmindedness, and the pursuit of ideas for their own sake.”
-Christopher Hitchens
ichy is offline   Reply With Quote
Old 08-30-2012, 07:37 PM   #9
ussfletcher
Platinum Member
 
ussfletcher's Avatar
 
Join Date: Apr 2005
Location: MSU at heart
Posts: 2,525
Default

Only made easier by WPS.
ussfletcher is offline   Reply With Quote
Old 08-30-2012, 08:26 PM   #10
MrColin
Platinum Member
 
MrColin's Avatar
 
Join Date: May 2003
Posts: 2,265
Default

I just slip my neighbor a $10 every month.
__________________
"Your heart is in the right place. But still, you are a very disturbed individual."

-Xionide
MrColin is offline   Reply With Quote
Old 09-01-2012, 04:38 AM   #11
lxskllr
Lifer
 
lxskllr's Avatar
 
Join Date: Nov 2004
Location: Somewhere over the rainbow
Posts: 38,344
Default

Quote:
Originally Posted by VirtualLarry View Post
Interesting read, perhaps I should change my WiFi passwords!
Or leave it open as a community service ;^)
lxskllr is online now   Reply With Quote
Old 09-01-2012, 09:02 AM   #12
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 25,959
Default

Quote:
Originally Posted by lxskllr View Post
Or leave it open as a community service ;^)
I did, until the neighbors started torr3nting, and I couldn't even use my own DSL connection.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is offline   Reply With Quote
Old 09-01-2012, 09:47 AM   #13
lxskllr
Lifer
 
lxskllr's Avatar
 
Join Date: Nov 2004
Location: Somewhere over the rainbow
Posts: 38,344
Default

Quote:
Originally Posted by VirtualLarry View Post
I did, until the neighbors started torr3nting, and I couldn't even use my own DSL connection.
DSL's a meager resource to share. I wouldn't be as inclined to leave it open on DSL. Setting aggressive QOS on the router could help, but DSL's barely acceptable for one person, much less multiple people.
lxskllr is online now   Reply With Quote
Old 09-01-2012, 10:52 AM   #14
seepy83
Platinum Member
 
seepy83's Avatar
 
Join Date: Nov 2003
Posts: 2,025
Default

Quote:
Originally Posted by lxskllr View Post
but DSL's barely acceptable for one person, much less multiple people.
That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".
seepy83 is offline   Reply With Quote
Old 09-01-2012, 12:07 PM   #15
lxskllr
Lifer
 
lxskllr's Avatar
 
Join Date: Nov 2004
Location: Somewhere over the rainbow
Posts: 38,344
Default

Quote:
Originally Posted by seepy83 View Post
That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".
I haven't been following the tech that closely, and didn't know DSL went that fast. Might be due to my local experience. I think it tops out around 3mbps around here.
lxskllr is online now   Reply With Quote
Old 09-01-2012, 10:22 PM   #16
Paperlantern
Platinum Member
 
Paperlantern's Avatar
 
Join Date: Apr 2003
Location: Server Room
Posts: 2,147
Default

20 is petty robust. I use cable and only just recently bumped from 8Mbps up to 15Mbps, though for some reason they doubled my upstream which was nice for my FTP and Minecraft servers. My old D-Link only supports WPA. I've been looking at current models recently. I'm taking CISSP soon and it's opened my eyes and interesting this type of stuff. I had a really terrible setup before. I would only deter he people that stop trying when they see the lock icon, lol
__________________
Heat
My Security Twitter
All Tips are appreciated:
RDD- Re4SwLasDUtPqgeuAuQowdiJbMh7KMkEHX | LTC- LQ7YSPcXSsqWxAhhpnpRnZb7qgtkqXCtfn
Paperlantern is offline   Reply With Quote
Old 09-25-2012, 10:12 AM   #17
Jeffg010
Diamond Member
 
Jeffg010's Avatar
 
Join Date: Feb 2008
Location: Pittsburgh
Posts: 3,236
Default

So the moral of the story is not to use Wireless? I run all wire in my house.

and below was a comment that states it does not even matter what your passkey is.

"This is all well and good, but one thing to keep in mind: if you have WiFi Protected Setup (WPS) enabled on your router (and you likely do if you bought a router in the past 4-5 years), it makes no difference how long or complex your WPA/WPA2 passkey is. If it is enabled, WPS can be easily cracked within 24 (or less in many cases) hours by breaking down the 8-character PIN into 2 halves, and cracking those halves. The 8th digit is actually a checksum of the first 7, so really you only have to guess the first 7. This amounts to 11,000 (!) possible combinations. Once cracked, your program of choice can request the full, unencrypted, plaintext WPA/WPA2 passkey, without ever having to touch it.

Oh, and this can all be done with free, open-source, readily available software, and requires very little hardware power.

Edit: Also, looking at the screen cap of the list of APs - many of them show WPS(ON). This makes an even stronger case for WPS cracking, as it takes less time, and you don't have to buy expensive software or spend lots of money on renting out EC2 servers to crack the WPA passkey."
Jeffg010 is offline   Reply With Quote
Old 09-25-2012, 02:04 PM   #18
PrincessFrosty
Golden Member
 
Join Date: Feb 2008
Location: UK
Posts: 1,422
Default

It's up to 24Mbit in the UK on ADSL2, but it depends on line quality and you need to be a few hundred meters from the exchange or less to get max speed, it drops off really fast, even inner city folks get pretty lame speeds of 10-15Mbit.

Fibre is the way to go, or what I have which is hybrid fibre coax cable from Virgin Media, 50mbit soon to be 120Mbit.
__________________
Intel 2600k @ 4.9Ghz || ThermalRight TRUE Spirit 140
16Gb PC3-12800 || 2x MSI GTX580 Twin Frozr II in SLI
Dell 3007 WFP-HC 30" || BenQ XL2420T 24" 120hz
PrincessFrosty is offline   Reply With Quote
Old 09-25-2012, 09:55 PM   #19
bononos
Platinum Member
 
Join Date: Aug 2011
Posts: 2,556
Default

Quote:
Originally Posted by Jeffg010 View Post
So the moral of the story is not to use Wireless? I run all wire in my house.
...........
...........
I don't think there are problems with WPA2, its only WPS that needs to be turned off.
bononos is offline   Reply With Quote
Old 09-26-2012, 01:58 AM   #20
MrColin
Platinum Member
 
MrColin's Avatar
 
Join Date: May 2003
Posts: 2,265
Default

Quote:
Originally Posted by bononos View Post
I don't think there are problems with WPA2, its only WPS that needs to be turned off.
It is crackable with freely available software. Using paid software and services it takes less time.
__________________
"Your heart is in the right place. But still, you are a very disturbed individual."

-Xionide
MrColin is offline   Reply With Quote
Old 09-26-2012, 07:53 AM   #21
bononos
Platinum Member
 
Join Date: Aug 2011
Posts: 2,556
Default

Quote:
Originally Posted by MrColin View Post
It is crackable with freely available software. Using paid software and services it takes less time.
Yes there are free crackers easily available but WPA2 PSK is not broken as WEP so brute forcing with cloud services is still impractical if the password is long enough.

http://www.tomshardware.com/reviews/...ck,2981-8.html
http://www.tomshardware.com/reviews/...k,2981-10.html
bononos is offline   Reply With Quote
Old 09-26-2012, 08:13 AM   #22
ch33zw1z
Lifer
 
ch33zw1z's Avatar
 
Join Date: Nov 2004
Location: Ten Forward
Posts: 13,162
Default

The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.

something like: .@ssw0rd:1s:N0t:Th3@ssw0rd:.

FYI, that's not one of my passwords
__________________
Heatware

ch33zw1z is offline   Reply With Quote
Old 09-26-2012, 10:23 AM   #23
PrincessFrosty
Golden Member
 
Join Date: Feb 2008
Location: UK
Posts: 1,422
Default

Quote:
Originally Posted by ch33zw1z View Post
The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.

something like: .@ssw0rd:1s:N0t:Th3@ssw0rd:.

FYI, that's not one of my passwords
Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.
__________________
Intel 2600k @ 4.9Ghz || ThermalRight TRUE Spirit 140
16Gb PC3-12800 || 2x MSI GTX580 Twin Frozr II in SLI
Dell 3007 WFP-HC 30" || BenQ XL2420T 24" 120hz
PrincessFrosty is offline   Reply With Quote
Old 09-26-2012, 10:28 AM   #24
ch33zw1z
Lifer
 
ch33zw1z's Avatar
 
Join Date: Nov 2004
Location: Ten Forward
Posts: 13,162
Default

Quote:
Originally Posted by PrincessFrosty View Post
Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.
I read it as though he wasn't attacking WPS, but the authentication itself.
__________________
Heatware

ch33zw1z is offline   Reply With Quote
Old 09-26-2012, 11:40 PM   #25
bononos
Platinum Member
 
Join Date: Aug 2011
Posts: 2,556
Default

I only mentioned WPS because the previous poster in my OP mentioned that wireless was risky which it isn't, well relatively speaking.

The article in the OP did not reveal any major problems in the WPA/WPA2 protocol, it was talking about cloud cracking WPA/WPA2 12 and 14 char (all lowercase) passwords in seconds. The passwords were weak because they used common words in the dictionary. WPA2 is quite secure since it uses salting and key stretching, its not that great now (with gpgpu and cloud cracking) but should be reasonably secure with long passwords which it supports - up to 63 or 64 char. I'd be worried if routers truncate long passwords in the encryption but that is a different matter.
bononos is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:13 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.