This is not a new concept, and has even been discussed here before. PC World is reporting that a new service is available for all of us. Have a WPA PSK you want to crack? It will cost you $34 and about 20 minutes.
WPA Cracker is a new service launched by the same researcher that has spent time attacking SSL/TLS over the last few years. While the price may be a little high, it certainly represents an interesting shift in activities typically reserved for botnets or universities with large computing resources. Where else could we take this?
Rainbow tables for most hash types are readily available through Bit Torrent, or can be generated with simple scripts and a chunk of time and disk space. But cracking WEP keys is a different animal than a simple rainbow table. Regardless, this is yet another reason why using a simple wireless password is not an acceptable method of security for your home or office.
What would be interesting is to see if certain types of passwords are commonly used to protect these devices. Are they all eight characters with one number? Are they phrases? Do they tie to a geography? From a hacker’s perspective, this would be fantastic data to have for targeted attacks. Marlinspike could stand to benefit financially from both sides of this if he chose, providing a service on the front end, and analytics on the back end.
Possibly Related Posts:
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC
- Life after G-Suite/Postini