Skip to main content

Hackers Use Nvidia GPUs to Crack WiFi

Most people grumble and complain about the high cost of top end GPUs. Now it appears that these GPUs are cost-effective ways to breach wireless network encryption.

Russian Hackers reportedly broke through WPA and WPA2 encryption using a brute force attack coupled with Nvidia’s GPUs. With no mention of which specific card was used in the discovery, the card supposedly increased password recovery up to 10,000 percent faster. Reports at this time are quite vague on the details, but if the claims hold any water at all, security experts could have a serious issue on their hands.

Commenting on the issue, David Hobson, managing director of Global Secure Systems (GSS) claimed that companies can no longer view standards-based WiFi transmissions as sufficiently secure against eavesdropping to be used with impunity. He also added that the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

The problem here is that most VPNs also use AES encryption which is the same encryption that is employed by WPA2. WPA employs RC4. If this new type of approach at breaching WPA/WPA2 protection actually works with ease, then the majority of VPNs are at risk as well.

Brute force decryption of WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for quite some time now – and presumably employed by relevant government agencies in extreme situations. If tech savvy hackers at home get the chance to tap the power of GPUs for this purpose, a whole can of worms is about to open.

Some companies employ different strategies however. Some industry experts believe that the security focus should not be on the link itself, but rather the points at each end. If you secure your systems and the data sent over the link, then it doesn’t matter what people see in between.

  • apache_lives
    it obviously wasnt a defective G84/86 :D
    Reply
  • hannibal
    Well ATI 4870 and NVidia 280 has so much prute force, that this is somewhat possible... Can anyone see that there will be regulations that CPU's and GPU of certain power may not be available to common citicen, because of their decryption power? ;-)

    Well, it can not happen! Can it?

    Orwel 1984
    Reply
  • crystal_tech
    look into fold@home and think if someone tuned an app for bruteforce. "yea i can break that encryption no prob let me boot up my grid"
    Reply
  • manwell999
    brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.

    If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.

    This article should be taken with a grain of salt.
    Reply
  • Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.
    Reply
  • daskrabbe
    Maybe, but if you sli two of them, it is only half of that!
    Reply
  • zenmaster
    shinobi1233333333Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.
    I worked as a consultant for a few months with a massive federal agency.
    The Passwords for all Cisco routers were ........... "cisco".

    Administrative IDs/PWDs for different systems were stored in clear text on LDAP servers available via Anonymous Access so they could be retrieved easily if an admin forgot them.

    Scary is all I can say.
    I ceased trying to add them after a couple months and moved on because they had no interest in actually even acknowledging all the problems I was hired to locate.

    Needless to say, those couple items were only the very tip.

    While if a hack was found, that is scary.
    What is scary in my mind, are the folks who manage many networks.
    (and not just small ones.)
    Reply
  • Shadow703793
    manwell999brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.This article should be taken with a grain of salt.True. Agreed. But the following comment makes sense compared to brute force:
    shinobi1233333333Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.
    Just for lolz my school still runs on WEP!
    Reply
  • smalltime0
    manwell999brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.This article should be taken with a grain of salt.I agree, however if you consider the number of combinations that would actually be used to create the key (i.e. take out 11111...) that number will be significantly less.
    Reply
  • SLI & Crossfire are not used for GPGPU aps; using Gx2 style cards you can currently put up to 8 graphics chips to work in a mini farm capable of nearly 8 teraflops from a single computer for less then $2k - outworking hundreds of high end cpu based machines with ease. Since CUDA uses a basic form of C++ anyone (given enough time) can develop an app to take advantage of this paradigm shift in computing power available to the general public.
    Reply