Tuesday 4 December 2012

Wifi. Challenge accepted

I overheard a conversation the other day and, being a bit of a techie, it got me really interested. "Just hide your SSID broadcast, and they won't be able to hack into your router," boasted some guy who has probably "fixed a computer before, so he's a computer tech".

I didn't actually chime in and shoot him down straight away, so I went away and did some digging around. Within a few minutes of perusing Google and YouTube, I found a Linux distribution called Backtrack. This little gem of an OS can be loaded onto a USB memory stick and will boot off that; no installation onto a hard drive is necessary. It took me a little while to get it working, but once all the little bugs were ironed out, I was staring at a desktop background with the word Backtrack splashed all over it.

So, being a bit of a Unix/Linux newbie, I started a little self-study on how to actually use the console, and what applications I could use to inflict torture on my poor router.

So, first up: find out if hiding the SSID actually made it "hidden". Simple answer: no. With a little persistence, you can actually find out the SSID, as the stations (computers, consoles, mobile phones, wifi printers - the list goes on) actually blurt the name out, and direct it to the MAC address of the router in question. This took all of 10 seconds to figure out.

Ok, so I have the SSID, now what?

Doing another quick YouTube search, I found out that I can get an application to actually deauthorise a computer from a router. I don't need anything fancy, nor even to be on the wifi network. What this does is send the de-auth packet targeted at the station, and make it reauthenticate back to the router. It does this by spoofing the MAC address of the router, so that the computer thinks this is a genuine request. The computer then reauthenticates, and the application that you use receives that and records it. Here's where the fun starts.

So, another application that is included with Backtrack is something called Crunch. This will try and crack the password of the authentication packet you got from the station, and just brute force its way in until the right password is found. The longer and more complex the password, the longer it will take to crack.

I know that my router came shipped with letters only as the default password, and it was 8 characters long, using alphabet characters only. So, let's put this into math.

26^8 = 208,827,064,576. That would be the possible pool of password choices. Big number, isn't it?

My laptop was capable of doing roughly 4,500 passwords a second via the CPU, and at that rate it would take 46,406,014 seconds, which is 537 days.

Good, that's pretty secure, just make sure I change the password once a year, and I should be fine.... right?

NO!

Let me explain a new concept that has been developed by Nvidia and ATi. What they've done is allow the computer to use the graphics card for processing power, so that it can share the load. Graphics cards are built and designed with huge data processing in mind, working out physics, lighting, etc. So, doing brute force attacks with a GPU would be child's play. GPUs can do about 45,000 passwords a second; that's 10 times faster than the CPU in my laptop could do!

Let's recalculate that, shall we?

208,827,064,576/45,000 = 4,640,601 seconds, or 53 days....

Ok, so that's getting to the point of being dangerous, and you'd possibly need to change your key every month to stay ahead of the game.

Aaaand now, I'll introduce you to the tech called SLI. (You knew there was a catch, didn't you!)

SLI allows you to install more than one video card in your computer, and they balance the processing load, effectively doubling the processing power. So now we're bordering on 90,000 passwords a second, and that pushes it down to ~27 days. Get a third card, and you see where this is going.

If someone is persistent enough, they'll get in. Get more computers all cracking at the same time, and it soon becomes clear that this will be cracked in no time.

Let's just say you have 26 computers at your disposal, each with 2 graphics cards, each doing 90,000/sec, and each computer has the first letter fixed in the crack, so that computer only needs to crack the last 7 letters. This reduces the number of combinations from 208 billion to a mere 8,031,810,176. So one of the 26 computers will get the key in just 24 hours! That's on the premise that the key is the highest value of *ZZZZZZZ.

But all of this number crunching above can be circumvented by the dreaded WPS system. This uses an 8-character numerical code that you can type instead of the network key. There are 99,999,999 different combinations, and it is easily crackable. This will actually reveal the network key, no matter how complex or how long it is, or whether or not you even use special characters.
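The keyspace arithmetic above (26^8 exhausted at 4,500, 45,000 and 90,000 guesses a second, then split across 26 machines) and the purely numeric WPS PIN, carried through in one small script so you can plug in your own password policy. This is an added example, not code from the original post and not part of Backtrack or any tool named above; the function names are mine, the guess rates are the post's figures and are only illustrative, and the script also extends the calculation to the mixed character sets and longer lengths the post recommends. It counts 10^8 eight-digit PINs, one more than the 99,999,999 quoted above, because it includes the all-zero PIN.

```python
#!/usr/bin/env python3
"""Worst-case brute-force time estimator for the keyspace arithmetic in the post.

Hypothetical helper written for this page. Guess rates used below are the
post's figures (4,500/s CPU, 45,000/s GPU, 90,000/s for two cards in SLI)
and are assumptions for illustration only.
"""

SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 365.25


def keyspace(charset_size: int, length: int) -> int:
    """Count every candidate: each of `length` positions drawn from `charset_size` symbols."""
    if charset_size < 1 or length < 1:
        raise ValueError("charset_size and length must be positive")
    return charset_size ** length


def worst_case_seconds(charset_size: int, length: int,
                       guesses_per_second: float, machines: int = 1) -> float:
    """Time to exhaust the whole keyspace when `machines` crackers share it evenly.

    Fixing the first character on each of `charset_size` machines, as the post
    describes, is exactly this even split with machines == charset_size.
    """
    if guesses_per_second <= 0 or machines < 1:
        raise ValueError("need a positive guess rate and at least one machine")
    return keyspace(charset_size, length) / (guesses_per_second * machines)


def human_time(seconds: float) -> str:
    """Render a duration in the unit a reader would actually use."""
    if seconds < 3_600:
        return f"{seconds:,.0f} s"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3_600:,.1f} h"
    days = seconds / SECONDS_PER_DAY
    if days < 10_000:
        return f"{days:,.1f} days"
    return f"{days / DAYS_PER_YEAR:,.0f} years"


# Character-set sizes for the comparison below (constructed for illustration).
CHARSETS = {
    "lowercase letters": 26,
    "digits (WPS-style PIN)": 10,
    "upper+lower+digits": 62,
    "all printable ASCII": 95,
}


def scenarios(rate: float = 90_000, machines: int = 1) -> list:
    """Compare keyspaces and worst-case exhaustion times at one guess rate."""
    rows = []
    for label, size in CHARSETS.items():
        for length in (8, 10, 12):
            secs = worst_case_seconds(size, length, rate, machines)
            rows.append((label, length, keyspace(size, length), secs))
    return rows


if __name__ == "__main__":
    # The post's own figures, reproduced step by step.
    print("CPU, 4,500/s :", human_time(worst_case_seconds(26, 8, 4_500)))
    print("GPU, 45,000/s:", human_time(worst_case_seconds(26, 8, 45_000)))
    print("SLI, 90,000/s:", human_time(worst_case_seconds(26, 8, 90_000)))
    print("26 SLI boxes :", human_time(worst_case_seconds(26, 8, 90_000, machines=26)))
    print()
    # What a stronger policy buys you at the same 90,000/s.
    for label, length, space, secs in scenarios():
        print(f"{label:<24} len {length:>2}  {space:>28,d}  {human_time(secs):>16}")
```

Run it as-is to see the post's 537 days, 53 days and ~27 days fall out of the same function, then change `CHARSETS` or the lengths to match the policy you actually enforce on your own router. The lesson the table makes visible is that length beats alphabet: ten characters from the full printable set puts exhaustion at millions of years for the rates quoted here, while the eight-digit PIN is exhausted in under half an hour at the same rate, which is why the post says to turn WPS off.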

So, to sum it up, wireless "can" be secure; just whatever you do, DON'T USE WPS. Also, use capitals, numbers and special symbols, and at least 10 numbers. You've heard this all before: "use secure passwords, blah blah blah". But be warned: if someone hijacks your wifi connection and does some "questionable activity" on it, YOU will be the one the police will be grilling.