UPC Vienna Wifi-Passwords easily broken with GPUs

· 408 words · 2 minute read

With a majority of households using wireless access points (AP) for internet, secure Wifi has become a key consideration in people’s digital lifes. The outdated encryption standard WEP, which is rarely used any more can be broken in less than 10 minutes. For the newer WPA no direct attack exists so far. The only way is to try a large number of passwords.

Recent advances in parallel computing and graphic cards (GPU) have drastically shifted the odds in favour of potential attackers. With an ordinary CPU, found in most desktop computers and laptops, about 500 Pairwise Master Key (PMK) can be evaluated each second. Modern GPUs can calculate up to 80 000 PMKs per second.

Such an increase in speed doesn’t mean that each and every wireless network is at risk, it only shifts the vulnerable keylength further up. Consider this: At 500 PMKs per second it would take approximately 3 years to break a 6-digit password that uses upper- and lower letters, as well as digits. When using a high-end GPU, 3 years become 5.5 days.

Since password complexity increases in an exponential fashion, slightly longer passwords offer a radically better protection. A 8-letter password from the same number space would take 50 years to crack, even on a high-end GPU.

As we can see, faster cracking techniques only affect password length at the margin, if done right. At UPC Vienna, in Austria this principle is not as well understood. The routers that come bundeld with their broadband connection use an 8-letter password that only seems to consist of capital letters. (I only have access to a limited sample at this time.)

When doing the same calculations as before, such a password took about 7 years to crack, when done on a standard CPU. This would be a huge effort, just to steal your neighbors internet. If we throm in GPUs, the story changes. 7 years become about 16 days on a single workstation. This timespan is quite doable. When performing the calculations in Amazon’s EC2 cloud each UPC-password can be cracked at the cost of about 180 EUR in 3-4 hours. This number is expeced to come down in the following months, due to an increased interest in the topic.

Since it’s not feasible for UPC to change hundreds of thousands of passwords in Vienna (and maybe the whole of Austria), consumers need to act for themselves and pick a more secure key for their AP.