Amazon cloud can help hack WiFi networks: expert

BOSTON Fri Jan 7, 2011 4:47pm EST

A box from Amazon.com is pictured on the porch of a house in Golden, Colorado July 23, 2008. REUTERS/Rick Wilking

A box from Amazon.com is pictured on the porch of a house in Golden, Colorado July 23, 2008.

Credit: Reuters/Rick Wilking

BOSTON (Reuters) - A security researcher says he has figured out a quick and inexpensive way to break a commonly used form of password protection for wireless networks using powerful computers that anybody can lease from Amazon.com Inc over the Web.

Thomas Roth, a computer security consultant based in Cologne, Germany, says he can hack into protected networks using specialized software that he has written that runs on Amazon's cloud-based computers. It tests 400,000 potential passwords per second using Amazon's high-speed computers.

That leaves businesses as well as home networks prone to attack if they use relatively simple passwords to secure their networks.

Amazon leases time on computers to developers and companies that don't have the money to buy their own equipment, or don't use it frequently enough to justify doing so. Customers include individual programmers and corporate users.

A spokesman for Amazon said that Roth's research would only violate his company's policies if he were to use Amazon Web Services (AWS) and its Elastic Compute Cloud (EC2) computing service to break into a network without permission of its owner.

"Nothing in this researcher's work is predicated on the use of Amazon EC2. As researchers often do, he used EC2 as a tool to show how the security of some network configurations can be improved," said Amazon spokesman Drew Herdener.

"Testing is an excellent use of AWS, however, it is a violation of our acceptable use policy to use our services to compromise the security of a network without authorization."

Roth will distribute his software to the public and teach people how to use it later this month at the Black Hat hacking conference in Washington, D.C.

He said he is publicizing his research in a bid to convince skeptical network administrators that a commonly used method for scrambling data that travels across WiFi network passwords is not strong enough to keep crafty intruders from breaking in to networks.

That encryption method, dubbed WPA-PSK, scrambles data using a single password. If a potential intruder is able to figure out the password, he or she can gain access to computers and other devices on the network.

Roth said that the networks can be broken into if hackers use enough computer power to "brute force" their way into figuring out the passwords that protect networks.

Those passwords were difficult for the average hacker to break until Amazon.com recently started leasing time on powerful computers at relatively inexpensive rates: It takes the processing capability of multiple computers to perform mathematical calculations needed to break the passwords.

The online retailer charges users 28 cents a minute to use machines that Roth used in his attack. It would cost at least tens of thousands of dollars to purchase and maintain that equipment.

Roth said that he used his software and Amazon's cloud-based computers to break into a WPA-PSK protected network in his neighborhood. It took about 20 minutes of processing time. He has since updated his software to speed its performance and believes he could hack into the same network in about 6 minutes.

"Once you are in, you can do everything you can do if you are connected to the network," he said.

Roth said he was not publicizing his discovery to encourage crime, but to change a misconception among network administrators:

"People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so," he said. "But it is easy to brute force them."

(Reporting by Jim Finkle; Editing by Tim Dobbyn, Bernard Orr)