Welcome to the home page of Charles N Wyble. Charles is a 24 year old systems guy, hacker and entrepreneur currently living in El Monte CA, with his wife of 3 years.

He is currently employed as a system engineer for Ripple TV with responsibility for a nation wide advertising network.

In his spare time he serves as Chief Technology Officer for the SoCalWiFI.net project, runs a hacker space in the San Gabriel Valley and tries to save the local economy.

Tuesday, November 25, 2008

Cracking as a service - Breaking WPA2/AES PSK wide open for nothing more than the cost of an internet connection

Security has been, currently is and always will be an arms race between vendors/users and the script kiddies.

Let's take an example of the average home Wifi network with a DSL connection in a major United States urban area. These are often targeted by script kiddies.

First there was WEP but we know how laughably weak that was.
Then there was WPA and TKIP. This was hax0red recently.

The current iteration in secure deployments by the average home user (and by that I mean the
average non IT citizen who heard the FBI sponsored boogyman talk about wireless vulnerabilities and asked a friend/relative/geek squad *shudders* to secure the netz) is WPA PSK. The general consensus is "pick a safe passphrase and you'll be fine". Riiight... these are the same people with malware spewing out of there unprotected XP boxen and filling my logs and pipes with garbage.

Lately I discovered CUDA and started researching WPA PSK cracking. Software taking advantage of the massivelly parallel GPUs are readily available with fantastic vendor and 3rd party documentation at a fantastic price point.

The purpose of this post is to address the brain dead thinking that goes something like "well I'm immune because so few people have access to the specialized hardware" or "it requires lots of space and money and anyone with those resources would just black bag my house anyway".

With all the hype about "xyz as a service", how about cracking as a service? A current search turns up one result. Hmmm. Interesting. Yet I'm not the first person to think of this but I appear to be the first person on the net to coin the term in line with the cloud type meaning.

I am now working on a project to build a WPA and GSM cracking as a service system. Stay tuned for more details.

1 comment:

Anonymous said...

Cracking as a service? See http://ebfe.dyndns.org:12080/