General consumers can now purchase network key-cracking kits in China, a bundle that includes a Wi-Fi USB adapter, a Linux-based operating system, key-breaking software that attacks "long-known weaknesses" in the Wi-Fi encryption standard, and a detailed instruction booklet. The kits are currently sold both online and at Chinese electronics bazaars.
According to Computerworld, the kits are pitched by shady salesmen as a means of surfing the Internet for free... and on the cheap. Apparently the kits cost next no nothing--a mere $24 USD, cheaper than a wireless router or even a new Nintendo DS game. Apparently these kits are super simple to use, requiring very little technical knowledge, allowing general consumers to easily steal passwords from Wi-Fi networks owned by other people and gain access to their Internet connection.
To get online, buyers simply plug in the Wi-Fi adapter into the USB port. Users than install the drivers followed by the Linux-based operating system called BackTrack. Applications are pre-loaded with the OS, and will attempt to obtain keys from WEP and WPA secured networks. Once the keys are obtained, users simply reboot back into Windows and use the keys to gain access to the now-hacked network.
But how long does it take? One kit was tested on a local, private network using the WEP key equivalent of "sugar." The attempt took over an hour to crack, however the current record is around 20 seconds, so the results can vary depending on many factors. Brute-force attacks on WEP keys are typically more effective than attacks used against the newer WPA encryption. Unfortunately, many networks still use WEP, leaving them more susceptible to a possible attack.
Once users gain access to the network, it may not be all about surfing. One researcher believes that sensitive personal data can be obtained as well because the kits actually capture data packets to perform their attacks. Although the kits are deemed illegal, they're widely popular in China, and could pose as a national security threat if the popularity gets too far out of control.