
If you're using the default password to connect to a personal hotspot you've created, you should consider changing it. German researchers from the University of Erlangen claim to be able to crack it in less than one minute.

In a paper titled "Usability vs. security: The eternal trade-off in the context of Apple's iOS mobile hotspots", the researchers from Erlangen demonstrate that iOS generates weak default passwords for the personal hotspot. They back up their claims about its susceptibility to a brute-force attack when a WPA2 connection is established.

The paper states that iOS generates passwords based on a list of words containing roughly 52 entries; however, iOS reportedly relies on only 200 of them. In addition, the process of choosing words from the list is insufficiently random, which leads to their uneven distribution in the generated passwords. It is this skewed distribution that makes cracking the password practical.

Using a cluster of four AMD Radeon HD 7970 graphics cards, the researchers from the University of Erlangen were able to crack passwords with an alarming 100% success rate. Over the course of the experiment, they brought the cracking time down below one minute, to exactly 50 seconds.

In addition to unauthorized use of the Internet connection, an attacker can also gain access to services running on the device. Examples include AirDrive HD and other wireless content sharing applications. And it is not only the device on which the personal hotspot is created that is exposed; other connected devices can be affected as well.

The most serious aspect of the situation is probably the fact that the entire process of cracking the password can be fully automated. An app called Hotspot Cracker was created as proof. The computing power needed for the brute-force method can easily be obtained from the cloud.

The whole issue stems from the fact that manufacturers tend to create passwords that are as memorable as possible. The only way out is then to generate completely random passwords, since it is not necessary to remember them. Once you've paired a device, there's no need to enter it again.

However, the paper states that it is possible to crack the password on Android and Windows Phone 8 in a similar way. With the latter, the situation is even easier, because the password consists of only eight digits, which gives the attacker a search space of 10^8.
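
To put numbers on the points above (uneven word selection, the eight-digit space of 10^8, and the fully random alternative), here is an added Python example; it is not code from the paper, from Apple, or from Hotspot Cracker. The 1/k selection bias is an assumed stand-in for the uneven distribution the paper describes, and all function names are hypothetical.

```python
import math
import secrets
import string

def guess_stats(probs):
    """Return (shannon_bits, min_entropy_bits, expected_guesses), assuming
    candidates are tried from most to least likely."""
    ordered = sorted((p for p in probs if p > 0), reverse=True)
    shannon = -sum(p * math.log2(p) for p in ordered)
    min_entropy = -math.log2(ordered[0])
    expected = sum(rank * p for rank, p in enumerate(ordered, start=1))
    return shannon, min_entropy, expected

def uniform(n):
    """Every one of the n words is equally likely."""
    return [1.0 / n] * n

def skewed(n):
    """Assumed bias (not the paper's measured data): word k has weight 1/k."""
    weights = [1.0 / k for k in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def keyspace_bits(symbols, length):
    """Bits of entropy for `length` independent, uniform symbols."""
    return length * math.log2(symbols)

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def random_passphrase(length=20):
    """Uniformly random WPA2 passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    # 200 is the number of words the article says iOS relies on.
    for name, dist in (("uniform", uniform(200)), ("skewed", skewed(200))):
        h, hmin, exp = guess_stats(dist)
        print(f"{name:8s} 200 words: H={h:.2f} bits, "
              f"Hmin={hmin:.2f} bits, expected guesses={exp:.1f}")
    print(f"8 digits: {keyspace_bits(10, 8):.1f} bits")
    print(f"20 random alphanumerics: {keyspace_bits(62, 20):.1f} bits, "
          f"e.g. {random_passphrase()}")
```

With the assumed bias, the expected number of guesses over 200 words falls from 100.5 to about 34, while a 20-character random passphrase carries roughly 119 bits against about 26.6 bits for eight digits.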

Source: AppleInsider.com