GPGPU software lets hackers break into Wi-Fi networks

You’ve heard the pitch by now: general-purpose computing on GPUs is the future, and both AMD and Nvidia graphics processors can deliver massive performance increases in tasks like scientific computing and video encoding. Nvidia in particular prides itself in the number of developers that have adopted its CUDA GPGPU programming interface.

Unfortunately, not everybody wants to use GPU power to cure cancer or encode HD video in real time. As HotHardware reports, a Russian company has tapped CUDA to write a “password recovery” tool. Elcomsoft’s Distributed Password Recovery costs $599, and it can reportedly crack passwords for WPA- and WPA2-encrypted Wi-Fi networks, operating systems, Microsoft Office applications, PDF files, and both ZIP and RAR archives.

The Wi-Fi cracking in particular seems ominous. As HotHardware points out, Elcomsoft’s application should run on a simple notebook with a GeForce 8-series or better graphics processor, and it can “crack WPA encryption over 100 times fastest [sic] than with a standard CPU.” We haven’t tested this thing ourselves, so we can’t confirm whether it actually works (or works well), but it could nonetheless cause headaches for companies with internal Wi-Fi networks.

Comments closed
    • pogsnet
    • 11 years ago
      • Synchromesh
      • 11 years ago

      Not your own private wifi. I’m not paying money to my internet provider so some asswipe can crack my router and leech off bandwidth for free. And since public wifi isn’t always available that’s just about what might happen once somebody pirates and distributes this program.

        • Madman
        • 11 years ago

        Don’t worry, WiFi was unsafe from day one.

        • sigher
        • 11 years ago

        So they calculate a week and break your pass, just change t every 3 days and they’ll soon give up.

    • Silus
    • 11 years ago

    Who exactly is surprised by this ?
    GPUs are just better for some type of calculations. Much better actually and we’ve seen that, for example, with PhysX and video encoding. So it was obvious that all this computing power would eventually be used for something like this.

    • stmok
    • 11 years ago

    Hmmm, looking at the product, only the following are GPU accelerated:

    l[<* Microsoft Word/Excel/PowerPoint/Project 2007 (.DOCX, .XLSX, .PPTX, .MSPX) (password recovery - "open" password only)<]l l[<* Windows NT/2000/XP/2003/Vista logon passwords (LM/NTLM) (password recovery)<]l l[<* MD5 hashes (plaintext recovery)<]l l[<* WPA and WPA2 passwords<]l

    • WaltC
    • 11 years ago

    I think that the prospect for ATi/nVidia of having to release umpteen-dozen security patches every month might just be the straw that breaks the gpgpu’s back. I’m not much impressed with the “We can break WPA in mere minutes!” claims–not at all. However, the one thing hackers look for is weaknesses and holes and at the very least they could make things miserable for the aspiring gpgpu companies.

    Personally, the gpgpu publicity has all seemed like a marketing gimmick to me, anyway, but it’s too bad that hackers just won’t leave us alone to enjoy our software. Always a rotten apple in the barrel, isn’t there?

      • Contingency
      • 11 years ago

      Somebody didn’t read beyond than the title. It’s not the GPGPU that’s being hacked.

      • stmok
      • 11 years ago

      Wow! We know who reads articles and who doesn’t!

      This is about using a GPU to crack wireless security mechanisms through brute force.

      GPGPU is a gimmick to you, because you don’t understand its potential applications. I don’t doubt that once you benefit from it directly, you’ll sing a different tune.

    • Forge
    • 11 years ago

    It is possible to crack WPA/WPA2 in a meaningful way, unless backed up by a RADIUS server or similar.

    This announcement however, is mostly meaningless.

    The most time-consuming stage of wifi cracking, be it WEP or WPA, is gathering the packets. CUDA does nothing to that.

    Once you have the packets, it takes a while to process them, but it’s minutes/hours, not days/years.

    computron9000 – Set up a wifi such that a user or two can use it. It is crackable; Fin.

      • Contingency
      • 11 years ago

      l[

    • Draxo
    • 11 years ago

    time to register that mac address to go along with the wep key.

      • Forge
      • 11 years ago

      Heh, MAC addresses are ridiculously simple to spoof. MAC filtering is better than nothing (I used MAC whitelisting + open encrypt for a long time, since security isn’t that important to me), but it’s far from real security.

      Two laptops, one working WLAN being used by at least one user, and twenty-four hours or less. The FBI has been working to get it under 20 minutes for all but a very few configurations, and they generally try to be more covert than a random wardriver.

        • UberGerbil
        • 11 years ago

        I was going to respond likewise, but I assumed he was making a joke.

    • ew
    • 11 years ago

    Let me just be the first to say that if you own an Nvidia graphics card your a commi-terrorist. Thank you and good day.

      • 5150
      • 11 years ago

      I heard Obama uses NVIDIA. I wonder if…

        • ludi
        • 11 years ago

        Mere rumors. The Obama Mainframe is powered entirely by hope and change.

          • grantmeaname
          • 11 years ago

          and Macs.

            • ludi
            • 11 years ago

            Ssshhh. Your plain statements of fact might go against the hope and change.

        • PRIME1
        • 11 years ago

        I hear McCain uses Vacuum Tubes.

          • MadManOriginal
          • 11 years ago

          Vacuum? Because his campaign is sucking so much? *ba-da-bing*

            • 5150
            • 11 years ago

            Whatever! He has them right where he wants them.

            He just doesn’t know where that is, and get off his damn lawn!

    • vdreadz
    • 11 years ago

    All power to the GPU and it’s software development whether it’s for the good of mankind or not! lol….

    • UberGerbil
    • 11 years ago

    Companies with internal WiFi networks should be using VPNs. That’s generally going to use AES, and while it could get brute-forced as well given fast enough hardware (and small enough keys), it’s going to make life a lot harder for the aircracker.

      • swaaye
      • 11 years ago

      WPA1/2 also can use AES so I don’t think there’s much to worry about as long as you use a good key…..

        • ssidbroadcast
        • 11 years ago

        What if your password is “popcorn” ?

          • Scrotos
          • 11 years ago

          Try a different kernel?

            • ludi
            • 11 years ago

            I am ludi, and I endorse this pun.

          • eitje
          • 11 years ago

          then someone from Tennessee used the password reset option on your network to change your password.

          also, he might’ve posted it to 4chan like a dumbass.

        • shank15217
        • 11 years ago

        There are more advanced forms of password cracking that narrows down the search space significantly.

      • ybf
      • 11 years ago

      Didn’t Osama bin Laden just buy a 56% stake in AMD? I thought I heard something like that last week.

        • stmok
        • 11 years ago

        Oh look! A troll!

          • UberGerbil
          • 11 years ago

          Or perhaps someone making a joke in a very lame fashion. Never assume malice where incompetence suffices, etc.

            • sigher
            • 11 years ago

            A tricky stance to take when dealing with politics though, where malice and incompetence holistically merge in a grey Xth dimension.

    • computron9000
    • 11 years ago

    If you use a strong key, this advance means nothing.

    “Brute Force Attack will take up to 128299838271 years”

    I don’t think 100x speed increase will do much good. Someone ran some calculations and suggested that if all the computers Folding dedicated themselves to breaking a WPA with the strongest key you can make, it’d be something along the lines of 64,000 years at present processing speeds.

    This is NOT the death of WPA….

    The joke on Slashdot was “Cracking@Home”…

      • [TR]
      • 11 years ago

      This is the next great benchmark for GPUs!
      “The new nVidia GFGTFX390.5Ultra OC Edition X MkII only took 5yrs to break our 4 character puny grade WPA password. A new low for nVidia after ATi’s record-breaking 5.6yrs of last year.”

        • ludi
        • 11 years ago

        But can it download illegal MP3s while using catchy brigand lingo?

      • Madman
      • 11 years ago

      Depends on how you crack… If you generate rainbow tables on fly and only compare hashes it will take way less. And by the way WPA1-99999 is a joke.

Pin It on Pinterest

Share This