Cloud cracks home wireless router; giant hammer squishes ant

WLAN exploit is overkill, but proves the concept for other attacks

Given the evidence from the recent hack of Gawker Media, which exposed the email addresses and passwords of more than a million Gawker.com users, you don't really need a lot of exotic, random phrases to crack most accounts.

Among the most common were 12345, password, qwerty, letmein, and trustno1.

Not the kind of security you need a massive grid to crack, even assuming most people use throwaway passwords for sites like Gawker that force them to register but on which they don't do anything important.

But if you can point a weapon like Roth's at a small, insecure home wireless router with WPA encryption, you could also point it at a larger, more secure site running 802.1X authentication.

It wouldn't be subtle, and Amazon presumably wouldn't be shy about helping law enforcement or corporate security ferret out a cracker.

Roth's exploit probably isn't a big threat.

Sophisticated, Eastern-European organized cybercrime gangs probably aren't lining up to use EC2 to help crack the wireless passwords that are otherwise kept securely written on Post-It notes taped to end-users' terminals.

Disgruntled ex-employees, experimenters like Roth, or mildly intrusive and slightly uneducated corporate spies might give it a shot.

It's worth realizing, though, that cloud platforms give ordinary people with ordinary checkbooks access to massively scaled computing resources only big companies or government agencies could afford five or 10 years ago, and not all of them are going to use the cloud just for email.

That may not mean they're about to hit your edge defenses all at once using all the computing resources of the Western Hemisphere.

It does mean having to keep in mind that the cloud may present security problems entirely separate from the risk that data you put in it will disappear or get cracked by someone from outside.

It may mean potential attackers you figured would never have the means to accomplish much suddenly can.

It will take a while for that realization to filter out to non-crackers, in the same way it took a while for normal end users to realize they could walk out with gigabytes of data on USB drives in their pockets.

I don't know what they'll be using cloud-based high-performance clusters to crack when they do figure it out. I'm relatively sure it won't be home-based wireless routers, though.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.
