You may feel safe surfing the Web in your living room, but your next-door neighbor could hack into your password-protected Wi-Fi network in a matter of minutes.
German researcher Thomas Roth said he was able to guess the encrypted password to a Wi-Fi network in his native Cologne using the massive calculating power of Amazon's Elastic Compute Cloud virtual supercomputer, which anyone can buy time on.
Cloud computers — networks of remote servers handling processing and data storage — enable users to execute tasks at dizzying speeds. Roth uploaded his own specialized software to Amazon’s cloud and got it to test 400,000 potential Wi-Fi user passwords per second.
Like most up-to-date home Wi-Fi networks, Roth's compromised test network used the Wi-Fi Protected Access (WPA) encryption standard, which is difficult to crack.
But any password can be guessed, given enough processing power or "brute force" --- and that's exactly what Roth bought cheaply from Amazon.
Amazon charges 28 cents per minute to use its cloud servers, and Roth's initial break-in took about 20 minutes, at a presumable cost of $5.40. He told Reuters he later updated his software to perform the same attack in about six minutes, which would have cost $1.68.
Roth said he wanted his proof-of-concept hack to prove that even home and business Wi-Fi networks that have been deemed unbreakable are dangerously vulnerable.
“People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so,” Roth said. “But it is easy to brute-force them.”
Don Jackson, director of threat intelligence for the security firm SecureWorks, said cloud-based networks will absolutely open up new attack routes for cybercriminals, at a very low cost.
"We do expect to see [high-performance computing] in the cloud being commonly used for brute-force and compute intensive attacks on passwords, encryption and other security protections in the future," Jackson told SecurityNewsDaily.
To stay protected, Jackson advised changing default passwords for managing routers, wireless access points and firewalls, keeping firewalls on, and disabling automatic Internet access for home gaming consoles."