Schneier on Security
A blog covering security and security technology.
May 6, 2010
WiFi Cracking Kits
WiFi cracking kits are being sold in China.
Posted on May 6, 2010 at 1:13 PM
Sold? So glad to see they are embracing market incentives.
"Security researchers said they did not know of similar kits sold anywhere besides China, "
Because everybody else downloads them for free.
Personally, if the devices were available here, I wouldn't worry too much about my wireless. I live on a dead end street out of town. My laptop picks up 6 other networks in my area, one is open and the other 5 use WEP. I'm the only one in the area that uses anything stronger than WEP, so I suspect unless I'm targeted specifically, I'd be the last one they'd waste their time on. (Why crack any when one is open, and if one isn't open, why crack mine when there are WEP users easier to crack.)
People aren't completely defenseless in this. What you are really defending against is people within the radius of range (or sphere, if it's an apartment). The biggest "risk" would be neighbors who can let a cracker run indefinitely, and even they will choose the path of least resistance. I doubt anyone would sit in their car in front of one's house for hours to attack it. Not when there are businesses with open wireless on every other block.
If one is in or near an apartment, there is a greater universe of attackers. I can see where some wirehead would want to collect networks to do illegal activities on. Even in a highly congested area where one can run software indefinitely, someone is not defenseless either. MAC address filtering can further mitigate attackers. Checking logs can often tell if someone else has been using your connection.
Nothing is foolproof. Wireless can be cracked, MAC addresses can be faked, and it is always possible someone is in range to attack (some areas have more than others).
The key is to make it difficult enough through a combination of encryption, MAC address filtering, changing keys, and reviewing logs, that someone just moves on to an easier target.
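The comment above says that checking logs can often tell whether someone else has been using your connection. As an added example (not code from the original post or from any commenter), here is one way to do that check over DHCP lease lines of the kind dnsmasq writes on a home router. The log lines, the allow list and the hostnames are constructed for the example; the "known MAC shows up with a new hostname" check is deliberately reported as a weak signal, since a cloned MAC with a cloned hostname is invisible to it, which is the "MAC addresses can be faked" caveat from the same thread.

```python
import re

# Constructed sample of dnsmasq DHCPACK lines (not taken from the post).
SAMPLE_LOG = """\
May  6 13:05:11 router dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.20 00:11:22:33:44:55 hjohn-laptop
May  6 13:07:42 router dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.21 00:11:22:33:44:66 wii
May  6 21:14:03 router dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.22 00:11:22:33:44:66 android-7f3
May  6 21:15:55 router dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.23 de:ad:be:ef:00:01 backtrack
May  7 02:30:09 router dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.23 de:ad:be:ef:00:01 backtrack
"""

# Hypothetical allow list: the devices the owner knows about, MAC -> expected hostname.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "hjohn-laptop",
    "00:11:22:33:44:66": "wii",
}

DHCPACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\(\S+\) (?P<ip>\S+) (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: (?P<host>\S+))?$"
)


def parse_leases(text):
    """Yield one dict per DHCPACK line; lines in any other format are ignored."""
    for line in text.splitlines():
        m = DHCPACK_RE.match(line)
        if m:
            lease = m.groupdict()
            lease["mac"] = lease["mac"].lower()
            yield lease


def unknown_clients(text, known):
    """MACs that got a lease but are not on the allow list.

    Returns {mac: {"first": ts, "last": ts, "count": n, "hosts": set(...)}} so the
    owner can see when the freeloader first appeared and how often it came back.
    """
    seen = {}
    for lease in parse_leases(text):
        mac = lease["mac"]
        if mac in known:
            continue
        entry = seen.setdefault(mac, {"first": lease["ts"], "last": lease["ts"], "count": 0, "hosts": set()})
        entry["last"] = lease["ts"]
        entry["count"] += 1
        if lease["host"]:
            entry["hosts"].add(lease["host"])
    return seen


def hostname_changes(text, known):
    """Known MACs that appeared under a hostname other than the one on file.

    Only a weak signal: the owner may have renamed a device, and an attacker who
    clones both the MAC and the hostname will not show up here at all.
    """
    changed = {}
    for lease in parse_leases(text):
        expected = known.get(lease["mac"])
        if expected and lease["host"] and lease["host"] != expected:
            changed.setdefault(lease["mac"], set()).add(lease["host"])
    return changed


if __name__ == "__main__":
    for mac, info in unknown_clients(SAMPLE_LOG, KNOWN_DEVICES).items():
        print(f"unknown client {mac}: {info['count']} lease(s), "
              f"{info['first']} .. {info['last']}, hostnames {sorted(info['hosts'])}")
    for mac, hosts in hostname_changes(SAMPLE_LOG, KNOWN_DEVICES).items():
        print(f"known MAC {mac} seen as {sorted(hosts)}, expected {KNOWN_DEVICES[mac]!r}")
```

On the sample above this flags de:ad:be:ef:00:01 as an unknown client with two leases, and notes that the Wii's MAC was also seen as "android-7f3". Neither finding is proof of anything by itself, which is why the thread treats log review as one layer among several rather than a defense on its own.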
"Nothing is foolproof. Wireless can be cracked,"
You're wasting time filtering MAC addresses, and using a sufficiently long WPA2 key is foolproof and isn't going to be cracked. I don't care what cracking software or "kits" you have available.
Looks like they are just bundling Backtrack--a Linux distro that pulls together a lot of open source security tools--with a USB WiFi adapter.
@third: "You're wasting time filtering MAC addresses, and using a sufficiently long WPA2 key is foolproof and isn't going to be cracked. I don't care what cracking software or "kits" you have available."
I don't filter MAC addresses, but I might consider it if I lived in a location that had 100 tenants in my building or within the wireless range. I know it isn't a great control, but if it helps make the attacker work and hopefully move on to another target, that helps.
I'm sure WPA2 keys can't be easily cracked now, but the pesky little thing about technology is someone usually finds a way eventually.
It is consumer products like this that might eventually convince WiFi vendors to use more secure methods of encryption in their products.
It's amusing how commenters on this blog are so skeptical about security technology, but sometimes so unquestioning of cracking technology.
From the description, it sounds like the only thing this kit can do against WPA2 is a dictionary attack. Use a secure key, and you're at no risk from this, and at very little risk from anything else.
"NobodySpecial" ended the thread in the second comment.
It's the same old story, people targeting the weakest link. I feel sorry for the access point owners who may be getting a knock on the door from the authorities.
The big news here is the $24 wireless adapter, airpcap costs so much more!
Think your WPA key is safe? Cloud computing can bring a 400 CPU cluster to quickly crack your password for a small fee: wpacracker.com a new encryption standard had better turn up soon...
Assuming a cracking tool works... is being skeptical about security technology!
Being skeptical about a cracking tool is being optimistic about security.... Guess how many exploits I have downloaded and have worked first time?
Well over 70%.
@Ape: "It's the same old story, people targeting the weakest link. I feel sorry for the access point owners who may be getting a knock on the door from the authorities."
Especially if the investigators don't know what they are doing. Obviously, if someone has a warrant to investigate someone for illegal internet activity, an examination of the computer and logs should create reasonable doubt. I mean, if there is no evidence of illegal activity on any of the person's computers, plus there is a MAC address in the logs that doesn't belong to the owner of the connection, then it's pretty obvious there is a reasonable chance the connection was hijacked. That doesn't mean he's innocent, it just means there is reasonable doubt as to whether he is guilty.
Unfortunately, investigation doesn't always work that way and many users (and many otherwise good lawyers) don't understand it either.
@greg: Guess how many exploits I have downloaded and have worked first time? Well over 70%.
Yeah, fair security measures are far different than fair cracking tools.
A security measure that works 70% of the time is a failure.
A cracking tactic that works 70% of the time is a success.
A good security measure must have a very high success rate to be useful. A cracking tactic with even a low success rate is useful.
They are related to how vulnerable a target is, but shortcomings in each affect the equation much differently. Flaws in cracking tools don't help security nearly as much as flaws in security measures hurt it.
At 300 keys/sec a brute-force attack against an 8 character mixed lower-case/upper-case/punctuation/digits password will take 96,000 computer-years. That will still cost $92M if you use EC2 to crunch the numbers ($80 per computer-month for EC2 * 96,000 years * 12 months). I doubt my WPA password is worth $92M to anyone else (and my password is longer than 8 characters, so good luck...)
@HJohn at May 6, 2010 3:32 PM
In other words, a poor investigator (or prosecutor) will match the smoking gun (IP address) to its owner and call it a slam dunk. A good investigator (or lawyer) will check to see if there is anyone else's fingerprints on the gun (logs) to see if there may have been another perpetrator.
@Lamont: "At 300 keys/sec a brute-force attack against an 8 character mixed lower-case/upper-case/punctuation/digits password will take 96,000 computer-years. That will still cost $92M if you use EC2 to crunch the numbers ($80 per computer-month for EC2 * 96,000 years * 12 months). I doubt my WPA password is worth $92M to anyone else (and my password is longer than 8 characters, so good luck...)"
Probably not. But I doubt it would take 96 millennia for an increase in both technology speed and attack methods to evolve.
You're quite safe for now. The less skilled user isn't.
Not to mention, sometimes users go to the "lowest common denominator" to get all their wireless devices to work. If a user has a laptop, a Wii, a PSP, and some other wireless contraptions, in order to get them all to work they may have to downgrade to WEP for compatibility.
I know it isn't ideal, but I've suggested this to friends when reasonable. If they have a wireless device that works just fine but the only encryption that is compatible with it, their Wii, and their Laptop is WEP, I don't think it is worth the hundreds of dollars to replace it so that TKIP or WPA2 or the like can be used. Not when their universe of risk is whoever happens to be in a 200 foot radius on a dead end street by a cornfield 5 miles outside of town.
It's all about trade offs.
Here's the AirCrack tutorial on WPA cracking:
"aircrack-ng can ONLY crack pre-shared keys...Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2...The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length."
WEP Tutorial is here:
A cracking tool with a 70% success rate is a success for its user, but not a defeat for all of the targets. That 70% is almost certainly spatially distributed, not temporally distributed. In other words, the crack will eventually work because there are a lot of bad networks out there. That a cracking tool will often be successful means nothing about the value or feasibility of securing your own network. Use WPA2 with a decent key and you will be safe, 70% success rate or no.
I see a lot of comments making a leap from "this tool will work most of the time" to "there's no point in securing your network, because tools like this can crack it anyway". It simply doesn't follow.
"From the description, it sounds like the only thing this kit can do against WPA2 is a dictionary attack. Use a secure key, and you're at no risk from this, and at very little risk from anything else."
My guess is that a dictionary attack will work against most encrypted WiFi networks -- and a fast one at that.
"A security measure that works 70% of the time is a failure. "
Actually, without more information, we don't know whether it is a success or not, since we don't know the security target. Security isn't really about preventing anything, it's about raising the bar to success.
Maybe incidents are already rare enough that preventing 70% of them will bring the situation down to the point where insurance can cover the other 30%.
Maybe this is just the cheap, outer layer of a security system that is designed to reduce the load on the more expensive inner layers. For example, a reasonably common technique in CPU constrained comms systems is to have a quick, easy to calculate pre-filter in front of the main crypto component to make denial of service attacks more difficult (you have to crack the pre-filter before you can even get the main crypto unit to pay attention to you).
Maybe you're only interested in deterring the casual "just for the hell of it" attackers, rather than the folks that are serious about it.
Maybe it's a "you only have to outrun the other guy, not the tiger" situation (e.g. car club locks work that way - there are plenty of ways to break them, but they encourage most thieves to steal the next car along and leave yours alone).
Security measures have to be assessed against their goals, and this is an area where a lot of miscommunication can happen. People with different goals will likely have very different assessments of various security technologies.
RSA does an annual WiFi security survey. I'm not sure they did one for 2009 but you can read the 2007 and 2008 surveys done in NYC, London and Paris here:
From the 2008 summary:
"...overall the adoption of advanced encryption is encouraging. Paris once again led the way, with 72% of access points (excluding public hotspots) found to be using advanced security [something other than WEP]; the numbers in New York and London were 49% and 48% respectively."
"...it is very concerning that one-in-five of all business access points in London continue to be completely unprotected by any form of wireless encryption. This has even slightly deteriorated from 2007 when that number stood at 19%. By contrast, wireless ‘hygiene’ among the business community is far better in both New York (just 3% unencrypted) and Paris (6% unencrypted)"
The state-of-the-art in WiFi security involves MAC-level security (802.1AE) and applying MILS architecture to the problem. MACsec is actually an Ethernet technology that basically does for Ethernet frames what IPSec did for IP packets. It's mainly designed to protect against internal threats or threats that attack the MAC layer. One group used a variant of this for wireless connections.
MILS architecture is a model for splitting a system into isolated components with controlled, very restricted interactions. The model seeks to reduce a systems security policy to the attributes of its components and their communication policy. This architecture and other techniques were applied to build the High Assurance Wireless Computing System (HAWCS). It is a good example of the direction to go in for highly secure wireless networking.
I think wireless security architecture just sucks right now in the commercial space. It wouldn't be all that complicated to make cheap knock-offs of the high security stuff. Start with a default-deny policy for all MAC's. Use something like MACsec for authentication to get on the "Allow" list, but make encryption optional at this level. (Many embedded systems throughput requirements are more important than confidentiality.) Then, encryption is performed with MACSec, 802.11i or IPSec from there. Just hooking up independently trustworthy components in a simple way. The nice thing about using MACsec is that a lot of higher-level overhead is spared when malicious traffic is stopped at the MAC layer. Additionally, crypto workload is often supported by cheap FPGA's.
I forgot to post the usual links in the previous comment that describe MILS architecture. They are below. I often mention or link to MILS because it's the government's current push for high assurance and has more 3rd party tool development/availability/support than any other strategy. It's also conceptually easy to understand and apply to many embedded problems, like phones or wireless security. COTS MILS solutions are available from US, Canadian, German and Australian companies, although only one has passed a high assurance evaluation (INTEGRITY-178B).
MILS on STSC CrossTalk
MILS-like opensource microkernel (good diagram)
Dell's MILS-based MLS workstation
What does the wireless adapter do that is included in the Chinese package, packet injection?
yeah, it sounds like they are just bundling readily available products. So the usb wireless is capable of packet injection and the software includes aircrack-ng.
At first I read that "kids" are being sold... so I wasn't "shocked" by anything coming forth as I read the article :).
Interesting marketing idea though... I wonder, if such things become more available, whether some manufacturers will actually force their customers to set up their WiFi hardware and not just plug it in and run it with the standard SSID and password...
@Nick Coghlan at May 6, 2010 4:55 PM
I don't disagree. If someone targets you specifically or really knows what they are doing then "outrunning everyone else instead of the tiger" won't do much good. Moderate measures on the other hand help against people who just want to freeload or people who just want to use Limewire on a network not associated with them, for example.
The level really depends on what one is trying to protect and what is in their proximity.
"the level really depends on what one is trying to protect"
I agree with you on that one. It's one of the points I try to promote, particularly using higher assurance software for high value assets. As for wireless, my problem with the wireless vendors is that they kept making risky, custom solutions with little likelihood of success. Because legacy wasn't entrenched, they should have just thrown it out and done something like HAWCS or MACsec. It just takes a cheap/free RTOS, one cheap processor and one cheap FPGA. In low budget designs, the FPGA is optional. I mean, come on...
"My guess is that a dictionary attack will work against most encrypted WiFi networks -- and a fast one at that."
Yup. I've seen that quite a bit in my own little universe, not necessarily specifically to WiFi, but how people get pumped up about the strength of encryption and then render it near irrelevant by using a dictionary word as their password or key.
I know that vendors can't always protect users from themselves, but with all the work and complexity that gets put into security, seems it wouldn't be that difficult--and would go a long way in improving security--if they would bother warning less savvy users that their passwords are weak. Seems it would be easy to compute based on length and content (how many of the following are in it: lowercase, uppercase, numeric, punctuation, etc.).
I know I'm preaching to the choir. I know they may not want to put a big warning on screen that alerts them and anyone watching that "THAT PASSWORD / KEY SUCKS," but seems that wouldn't be an issue to the wirehead next door trying to break in.
When I installed my 802.11g base station / router, the wizard automagically created a 256 bit WPA2 key* (in the form of 64 hex chars, arranged as 16 blocks of 4) to share with other devices in the network. If you try to change this to something simpler, it gives you a lecture about how you are dangerously compromising your security, and how it really isn't that hard to transfer 64 hex chars by pencil and paper as you only have to do it once.
In addition, its on-line help docs have nearly as many security related topics as everything else put together.
Maybe this device is exceptional (it came from a major company), but it seems to me that systems vulnerable to "ceng wang ka" kits consist of:
a) Legacy WEP systems (which have now been obsolete for circa 6 years); and
b) people who stubbornly insist on circumventing the available security, even when the manufacturers have made it as easy as possible to default to strong security.
* It is possible, of course, that the PRNG is defective and some bright spark will come up with an attack that requires significantly fewer than 2^256 operations. However, that PRNG would have to be very, very, very defective before the "ceng wang ka" kits could even glance sideways at it.
These kits are commonly available in Mexico. They sell them for "Security Auditing", but contain only one technique: WEP cracking. I once left my residential WiFi with WEP on purpose, to see if some neighbor was a "security auditor". And sure enough, a few days later someone was surfing from my internet connection. I could have sniffed all his communications, but I'm just not that evil.
I live in a multi-unit condominium and my WiFi connection was hacked in the following manner.
A high power "open" WiFi signal overrode my connection on the same channel I was using. My computer automatically switched to the higher signal and malware was installed on my computer from the open connection, without my knowledge. I only noticed this, when I checked the network list of connections, and found I was not connected to my network.
How can this type of hack be prevented from happening?
@ Don C
It sounds like an authentication failure between your PC and access point. In other words, your session was hijacked and your computer didn't look for proof that it was talking to the same router. Good wireless security schemes like WPA2, even WPA with AES, *should* prevent this. Additionally, you should make sure wireless connections are manual rather than automatic. If the connection was spoofed and connection was automatic, you wouldn't know about the rogue access point until it was too late.
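The reply above recommends WPA2 and manual rather than automatic connections. As an added example (not from the original post or any commenter), here is what that looks like in a wpa_supplicant.conf, with the weak network block beside the hardened one. The SSID, BSSID and passphrase are placeholders. The hardened block uses only documented wpa_supplicant options (`bssid`, `proto`, `key_mgmt`, `pairwise`, `priority`, `disabled`); the point is that a rogue access point beaconing the same SSID cannot complete the WPA2 four-way handshake without the PSK, so the client fails to associate instead of silently moving over, while pinning the BSSID only adds a speed bump, since a MAC address can be cloned.

```conf
# Weak: an open network block for the home SSID. Any stronger "open" beacon
# with this name wins the association, which is the hijack described above.
network={
    ssid="CondoNet"
    key_mgmt=NONE
    disabled=1      # left in only to show the contrast; never enable it
}

# Hardened: same SSID, RSN (WPA2) with CCMP only, a real PSK, and the AP's
# BSSID pinned. Without the PSK a look-alike AP cannot finish the handshake.
network={
    ssid="CondoNet"
    bssid=00:11:22:33:44:55           # placeholder: your router's BSSID
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    psk="example-passphrase-change-me"  # placeholder: use a long, non-dictionary passphrase
    priority=10
}
```

Keeping no `key_mgmt=NONE` blocks at all (rather than a disabled one) is the equivalent of the "manual, not automatic" advice: the supplicant then has no open profile it could roam to on its own.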
Has anyone tested it for lead?
Interesting info, I heard Protemac Meter is a nice app too for network control
Many ISPs already provide anti-virus packages as part of their Internet package since viruses have consequences to them.
Probably won't be long before ISP start providing wireless security software as part of their service too, since the cost of freeloaders is real to them. Maybe some are already doing this (heck, maybe mine does, but I'm comfortable with my implementation so I didn't check).
These cracking kits wouldn't do much against WPA2 with a non-trivial key, though.
My company makes a wireless detection program, Who Is On My Wifi, and in researching the market, it's just amazing how many people still have WEP encryption, or no encryption at all.
If ISPs need to do anything, I think just encouraging users to use WPA2 would be the best solution.