December 07, 2009, 7:31 PM — Wi-Fi systems are always vulnerable to being broken into. I mean, just think about, anyone can pick up your Wi-Fi signal. On top of that many Wi-Fi security systems have long been busted. But, not there's a 'service' that claims it will help you break into relatively secure systems for $34. What a deal!
The service, WPA Cracker is designed to bust Wi-Fi networks that use PSK (pre-shared key), also known as Personal mode, WPA (Wi-Fi Protected Access). Chances are if you you're using WPA security in your SOHO (small office/home office) or small business network, you're using Personal mode. I know I do.
In WPA-PSK, everyone uses the same WPA password. This password is then encrypted using a 256-bit key. That's enough to stop casual attackers, but these days, you don't really need much technical expertise to bust WPA if you're lazy about your passwords. For example, the Church of WiFi has gathered together the most commonly used WPA passwords in look-up tables, also known as rainbow tables to make it easier to break WPA passwords when they're found on the 1,000 most popular SSIDs (Service set identifier, the broadcast name of a Wi-FI Access Point).
The core-problem with WPA-PSK is that it you use common words or combinations, 'my-password' for example, you've opened the door to a brute-force attack. All an attacker need do is work their way through a dictionary, or table, of common phrases and, with the right program and a fast computer, they'll eventually stumble over it.
Still, as you can tell using the above as a starting point, you need to at least know how to use basic Wi-Fi cracking tools to get anywhere. That's not the case with WPA Cracker.
To use WPA Cracker, you just use a simple program to grab the WPA "handshake" the initial conversation between a PC and its WPA-PSK protected AP (Access Point) and send that data, and $34, to the WPA Cracker Web site and they do the rest.
And, what is the rest? WPA Cracker's creator, a security expert who calls himself Moxie Marlinspike, says your handshake is turned over to a 400-node computing cluster that will use the WPA-PSK breaking methods described above to bust the password.