
Wi-Fi Key-Cracking Kits Now On Sale in China

Source: Tom's Guide US

General consumers can purchase kits to gain access to Wi-Fi networks anywhere in the world.

General consumers can now purchase network key-cracking kits in China, a bundle that includes a Wi-Fi USB adapter, a Linux-based operating system, key-breaking software that attacks "long-known weaknesses" in the Wi-Fi encryption standard, and a detailed instruction booklet. The kits are currently sold both online and at Chinese electronics bazaars.

According to Computerworld, the kits are pitched by shady salesmen as a means of surfing the Internet for free... and on the cheap. The kits cost next to nothing: a mere $24 USD, cheaper than a wireless router or even a new Nintendo DS game. They are reportedly super simple to use, requiring very little technical knowledge, allowing general consumers to easily steal passwords from Wi-Fi networks owned by other people and gain access to their Internet connection.

To get online, buyers simply plug the Wi-Fi adapter into the USB port. Users then install the drivers, followed by the Linux-based operating system called BackTrack. Applications are pre-loaded with the OS, and will attempt to obtain keys from WEP and WPA secured networks. Once the keys are obtained, users simply reboot back into Windows and use the keys to gain access to the now-hacked network.

But how long does it take? One kit was tested on a local, private network using the WEP key equivalent of "sugar." The attempt took over an hour; however, the current record is around 20 seconds, so the results can vary depending on many factors. Brute-force attacks on WEP keys are typically more effective than attacks used against the newer WPA encryption. Unfortunately, many networks still use WEP, leaving them more susceptible to a possible attack.

Once users gain access to the network, it may not be all about surfing. One researcher believes that sensitive personal data can be obtained as well because the kits actually capture data packets to perform their attacks. Although the kits are deemed illegal, they're widely popular in China, and could pose a national security threat if the popularity gets too far out of control.


Comments

sliem 05/05/2010 8:01 PM
--1+

This is messed up.

schwiing 05/05/2010 8:05 PM
-20+

Where can I get one?

counselmancl 05/05/2010 8:08 PM
-20+

This is the electronic equivalent of bottled water. You can get cracking software anywhere.

LORD_ORION 05/05/2010 8:08 PM
-0+

LOL, sure they are needed to get free internet access.

Crap, sometimes it's harder to configure devices not to use the "I am broadcasting my network everywhere, hack me please" configurations seen in your local neighborhood than it is to use specific ones.

FATAL STR1K3 05/05/2010 8:14 PM
-9+

counselmancl :
This is the electronic equivalent of bottled water. You can get cracking software anywhere.


More like weed. It's illegal but still everyone uses it.

hang-the-9 05/05/2010 8:19 PM
-20+

Run over some protesters with tanks, deny basic rights to people, hack other countries' servers, have 1/4 of the economy based on counterfeit goods, steal WiFi.

Hey, China is the ultimate Pirate! I'm sending them an eye patch.

marokero 05/05/2010 8:20 PM
-5+

The kits are probably put together, on the cheap, with the leftover melamine from the milk, lead from toys, and engine coolant from toothpaste foreigners aren't buying anymore from China...

pogsnet 05/05/2010 8:21 PM
-2+

Let's go wired... Simple solution. Set your router Filter MAC address -> allow only this/these MAC addresses your hardware currently has. Even if they hack your WEP they still can't access your router.

figgus 05/05/2010 8:22 PM
-9+

pogsnet :
Let's go wired... Simple solution. Set your router Filter MAC address -> allow only this/these MAC addresses your hardware currently has. Even if they hack your WEP they still can't access your router.



Wrong, then they will just spoof your mac address too. It's another layer of security, and a good one, but certainly not foolproof.

reddragon72 05/05/2010 8:23 PM
-0+

So they are selling you a free open source Linux distro....

A fool and his money are soon parted. Oh and BTW it doesn't work on WPA2 with AES or Enterprise setups, that requires a more "forceful" approach.

drutort 05/05/2010 8:28 PM
-1+

Don't you have to be able to ping or to have some kind of network connection to see MAC addresses? How can you get a MAC to something that does not respond to any other MAC ping?

sheath 05/05/2010 8:30 PM
-6+

BackTrack is nothing new, we use it in my IT security class all the time. It's great for securing your own network but it can just as easily give you access to others. There is no reason to buy these kits, the software is free...
http://www.backtrack-linux.org/

Anonymous 05/05/2010 8:35 PM
--1+

The time to crack greatly depends on if the network you are trying to crack has a wireless device connected to the network at that time. The exploit relies on obtaining vulnerable packets, which you can generate by causing the device to disassociate/associate with the access point multiple times. If I remember correctly, Tom's Hardware had an article illustrating this a while back.
Like someone said, who would pay for this, it's like paying for bottled water when there is a free, higher quality water source nearby.

Strider-Hiryu_79 05/05/2010 8:38 PM
-1+

Remember when Tom's posted an article on how to crack WEP keys with the use of a Linux machine and 1 or 2 additional laptops?

These "cracking" kits are probably a more "compressed" version of that article by coincidence. Hence "war driving" has been around for a long time.

WEP is already proven to be a security vulnerability. But I'm curious as to the validity of these "cracking kits" and their ability to crack WPA/WPA2.

I know it's 2010 but does the AES encryption standard have a cipher strength that is rated as uncrackable currently? I remember reading a few years ago while studying for my Security+ certification that AES is rated to have a cipher strength so high that even a supercomputer would take more than 10 years (possibly more, I can't remember) to decrypt the cryptography mechanisms of AES.

I remember my former co-worker telling me of an internet article of an individual claiming to have (what the media appeared to have misinterpreted as) cracked WPA/WPA2. According to my co-worker the individual in question claimed that he did not crack or decrypt the cryptography mechanism but merely used an "exploit" (this person obviously would not disclose his methods) to obtain access to a secure Wi-Fi network under WPA/WPA2.

I wonder if it was Tom's that covered that as well.

If anything these kits probably utilize an exploit in the WPA/WPA2 mechanism and do not really decrypt or "crack" the cipher strength of WPA/WPA2.

Just my 2 cents worth.

Anonymous 05/05/2010 8:38 PM
-2+

I use a RADIUS-based authentication infrastructure. Go ahead, hack all you want, the keys are managed by the server and they change every 3 hours.

quantum mask 05/05/2010 8:46 PM
-3+

Curnel_D :
I honestly don't know a single person who smokes weed.


AFAYK

cadder 05/05/2010 8:57 PM
-0+

WiFi cracking has been going on as long as there has been WiFi to crack. There have always been various ways to protect your WiFi, but when it gets down to it you can't secure it 100%. I read somewhere one time that they recommend banks and so forth to NOT have WiFi because it cannot be made totally secure.

FATAL STR1K3 05/05/2010 8:58 PM
-4+

Curnel_D :
I honestly don't know a single person who smokes weed.


ok ok I used 'everyone' loosely. But still... 'enough' people use it

mapex 05/05/2010 9:02 PM
-0+

An hour to crack a WEP key? They're not doing something wrong. Now a WPA key with dictionary words I can see taking that long maybe, and figgus is right, they'll just change their MAC to match an approved machine, MAC filtering is only slightly more useful than disabling SSID broadcast.

tommysch 05/05/2010 9:02 PM
-0+

I can do that with my laptop within Windows for free...

eyemaster 05/05/2010 9:02 PM
-8+

Curnel_D :
I honestly don't know a single person who smokes weed.


They just aren't telling you...

mapex 05/05/2010 9:03 PM
-0+

Correction:

mapex :
they're doing something wrong.


tommysch 05/05/2010 9:10 PM
-11+

ksampanna :
Tom's has a moral obligation NOT to publish such articles & give publicity to the thieves ...



Who's going to buy shady crap from China when you can hack those cheap passwords for free with many widely available tools...

figgus :
Wrong, then they will just spoof your mac address too. It's another layer of security, and a good one, but certainly not foolproof.



My network is called SSID is HackThis.

It uses WPA2 and 40 random alphanumerical characters. The key is written on the switch and the switch is physically protected by an 870 express tactical shotgun.

Hack this!

Bolbi 05/05/2010 9:12 PM
-1+

So, two great suggestions for preventing this, pulled from the comments above, that I already use: 1) Use WPA2-AES encryption with a nonsensical-not-in-the-dictionary password, and 2) Turn on MAC address filtering. Sure, compatibility with old devices won't always be perfect, and especially with suggestion 2 it's much harder to add new devices to your network. However, you can be almost certain that your data is safe and your internet connection won't be involuntarily "shared".

otacon72 05/05/2010 9:14 PM
-4+

No one should be using WEP anymore. WPA is crackable in real time IF the passphrase is short and dumb...something like "sugar". WPA is considered secure with non-dictionary keys longer than 20 characters. As of today, WPA2 is uncrackable in real time. Theoretically WPA2 could I guess be cracked offline. Encrypted packets could be captured out of the air and brute-forced. If someone is that determined to gain access to your network you have some pretty issues above someone trying to hack your network I think.
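
Added example, not part of the article or of any comment above: WPA/WPA2-PSK maps a passphrase to a 256-bit key with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations), so resistance to the offline guessing discussed in the comments comes down to passphrase length and randomness. The sketch derives that key, generates a random passphrase, and compares search-space sizes; the function names and the 1e6 guesses-per-second rate are assumptions for illustration, not measurements.

```python
import hashlib
import math
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def random_passphrase(length: int = 40) -> str:
    """Random alphanumeric passphrase drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))

def search_space_bits(length: int, alphabet: int) -> float:
    """log2 of the candidate count; only meaningful for randomly chosen characters."""
    return length * math.log2(alphabet)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed offline guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def report(guesses_per_second: float = 1e6):
    """Compare passphrase shapes; the default rate is an assumption, not a benchmark."""
    shapes = {
        "8 lowercase letters": (8, 26),
        "20 random alphanumerics": (20, 62),
        "40 random alphanumerics": (40, 62),
    }
    rows = {}
    for name, (length, alphabet) in shapes.items():
        bits = search_space_bits(length, alphabet)
        rows[name] = (round(bits, 1), years_to_exhaust(bits, guesses_per_second))
    return rows

if __name__ == "__main__":
    for name, (bits, years) in report().items():
        print(f"{name:26s} {bits:6.1f} bits  {years:.3g} years")
```

A dictionary word sits far below these figures because it is not a random draw from the alphabet, and because the SSID is the salt, a common default SSID also makes precomputed key tables reusable against it.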

Anonymous 05/05/2010 9:33 PM
-4+

As was said before the Chinese are the ultimate pirates. It wouldn't surprise me if they put in something of their own to gain access to everyone's computer who uses this device.

cracklint 05/05/2010 9:33 PM
-3+

TommySch :
Who's going to buy shady crap from China when you can hack those cheap passwords for free with many widely available tools...
My network is called SSID is HackThis. It uses WPA2 and 40 random alphanumerical characters. The key is written on the switch and the switch is physically protected by an 870 express tactical shotgun. Hack this!


I have that same exact Remington. Yeah gun lovers ftw!

shloader 05/05/2010 9:34 PM
-3+

ksampanna :
Tom's has a moral obligation NOT to publish such articles & give publicity to the thieves ...



Ehhh... no I can't agree with that. The first thing I thought was that I should see if these programs will run under Ubuntu. Mind you, not to steal others'... I want to know how hard it would be to steal mine. Anyone with concerns of their own security should attempt to crack their own WiFi. Anyone I help set up, I use WPA2 so long as everything in their house supports it.