By Robert McMillan
IDG News Service
December 7, 2009
For $34, a new cloud-based hacking service can crack a WPA (Wi-Fi
Protected Access) network password in just 20 minutes, its creator says.
Launched today, the WPA Cracker service bills itself as a useful tool
for security auditors and penetration testers who want to know if they
could break into certain types of WPA networks. It works because of a
known vulnerability in Pre-shared Key (PSK) networks, which are used by
some home and small-business users.
To use the service, the tester submits a small "handshake" file that
contains an initial back-and-forth communication between the WPA router
and a PC. Based on that information, WPA Cracker can tell whether the
network seems vulnerable to this type of attack.
The service was launched by a well-known security researcher who goes by
the name of Moxie Marlinspike. In an interview, he said that he got the
idea for WPA Cracker after talking to other security experts about how
to speed up WPA network auditing. "It's kind of a drag if it takes five
days or two weeks to get your results," he said.