I Made a Wifi Cracking Van

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Hey, get over here. On the count of three, your Wi-Fi password's gonna appear on this monitor. Ready, one, two, got 'em! Pretty neat trick, huh? And sure, maybe I didn't get it for all of you, but a shocking number of people are still either using the default password that came with their device or their phone number or a loved one's phone number, which you may already know is a huge security problem. How easy is it to crack these passwords? Well, with the Crackinator Password Stealmatron, aka this van, I can do it in seconds, which would give me access to any shared resources on your network, would allow me to use up your data limit, and would even allow me to engage in illegal activities that would ultimately be traced back to you. I'm going to show you how we built it, and I'm going to give you guys the tools to stop people like me. And today's video is brought to you by APOS, LTT keycaps. Yes, they're real. And yes, you can get them right now. Check them out at the link down below where you can get free U.S. shipping. Wi-Fi security historically has been a bit lacking. In fact... And if you're thinking that was a dramatic reenactment, surely it's not that bad. You're right because it's worse than you think. Whether we get chased off or not doesn't even matter. We can grab everything we need from a target's network in the 30 seconds that it takes them to spot us outside their house and walk out to confront us. So if they're using any kind of phone number password I should be able to break through it. This easily. And so that was it. Yep. While it may shock you to learn how easy it was to crack that network's password, it might also shock you to know that for the majority of Wi-Fi's life, it's kind of been this way. WEP was the first generation of Wi-Fi password protection to find widespread adoption. And at first, it was good enough, especially compared to the alternative of your data just raw-dogging it through the air unencrypted, but it took technology only a few years to advance to the point where WEP could be cracked in under a minute. The attack method was pretty straightforward. Every packet of data contained the password in some manner, so if enough packets could be intercepted, they could all be compared to find out what they had in common. This was the reason for the switch to WPA2, or Wi-Fi Protected Access, which ditched the constant sending of the password, simplifying the process down to a four-part handshake. First, the device tells the router it wants to connect, then the router sends back a challenge key, the device then mixes the challenge key with the password and returns it to the router. Finally, the router sends back a session key, and that gets used for the remainder of the time the device is connected. For an observer then, this is kind of like having a picture of the lock, and knowing that a standard looking key opens the lock, but having no idea what the exact shape of that key needs to be. Now they could attempt to brute force it, but it would take forever, and they would risk detection because they would need to be in range of the lock at all times. This ended up being pretty effective for a while. But wait a minute, what if, instead of just knowing what the lock looks like, the hacker possessed a collection of exact replicas of the lock, allowing them to try key after key after key without detection? Well, that is exactly what we did. By stealing the complete handshake packet, we've obtained the challenge key and the result of mixing it with the password. Well, at that point, we can take that information to a safe location, brute force it with the power of our Crackenator, and then return to do our shady business. Making things even simpler for ne'er-do-wells, encryption cracking plays real nice with multiple cores, with each core of a processor hypothetically being able to try a different key in unison. And this might not mean that much for CPUs that have only a handful of cores, or at most, what, 128, 192? Well, when it comes to GPUs, we are talking thousands of cores. So while we obviously could put hardware with this kind of password cracking capability into a mobile hacking station like this, we don't even need to. All right, let's finally properly meet the Comino Grando RM. Now, just so you remember, the RTX 4090 has 16,000 CUDA cores in it, and this has six of those. I haven't seen one of these for about two years. Every time Comino sends over a system, they are so. nice. Actually, before I'm even in, I can see something that is a huge improvement over the last one. Previously, they were using SFX-L power supplies, three of them, which is not the best if you want to have a server. This time we have proper server grade power supplies and there are four of them. So I am kind of curious if it will just keep on running if you take one of them out, maybe even two of them out. I have never seen a 4090 like this. This is strange. So we have our power connectors right here, which are not connected to anything at all, because Comino have put power connectors on the back of these GPUs. I have seen some PCBs with the pads for these power connectors, but never anything actually installed like this. It looks like Comino has made their own custom PCB for 12-volt high power connectors right here. You can see that we have a couple extra, and if they wanted, they could have heaps, absolute gobs and gobs of GPUs in this thing. I take it this computer's extraordinarily loud. Yes, very. That's loud. These run much quieter. Yeah, and they also can't run any AI workload worth a damn compared to this thing. They're quiet. In the past, Comino have had their servers set up so that you can kind of just put it in like your office and it would be fine. We'd have like Noctua fans set up here that blow across the power supplies. and the radiator at the same time. This right here is clearly a lot more server grade with these absolutely chonktastic cut your finger off fans right here. What hasn't changed though is how impressive their water cooling is. In here we have a great big water cooling manifold that's distributing in parallel water to our CPU and all of our GPUs and then it's taking all of that heat and dumping it into this great big radiator with those massive fans. It looks like all of the water blocks are completely custom for Comino. We've got these beautiful GPU ones that are just nice and small. Just look at how beautiful this VRM heatsink is over here. It's just machined out of copper. Everything in here is just absolutely beautiful. 32 gigabytes. I think the last one that we had, all of them are 64. So not too much RAM. 256 is still a lot though. So Tanner, have you done everything that you need to do with this for the video? Yeah. Have you tested the power supply redundancy? No. Should we? We can do that. All right, let's see if these power supplies are redundant. This is a very simple test. The computer is on. The computer is still on. Good job, guys. One thing that isn't very server-like with this is the I/O. We have heaps of USB ports right here. Normally on a server board you only get like two. We also have two 10-gig and Intel AX200 Wi-Fi, which will get you Wi-Fi 6E, and WPA3 for that good, good high security Wi-Fi. Ah, yes. While hackers and crackers were working to defeat it, WPA was doing some leveling up of its own. And it's a pretty safe bet that any Wi-Fi 6 device will be using WPA3 encryption. What's changed? Well, the new Dragonfly handshake method aims to make it much more difficult to observe the handshake process and crack the password offline. But along with a few smaller vulnerabilities, it does have one major flaw that still persists. If your network contains any devices that were made before WPA3 or one of the few devices made after that, then it's likely that you'll be using WPA3 that just doesn't support it. Like say for example, an HP printer, your router will fall back to WPA2 for that device unless it is explicitly told not to. That is our entry point. Wow. Thanks Linus. Yeah, no problem. See you later, buddy. Let's hope things go a little better with victim number two. About a week ago, I gave them an HP printer and as long as they didn't get far enough in the setup process to realize HP requires them to have a subscription just to use the ink in the box, they're gonna have that on their network. Doesn't that come with like a trial or something? Yeah, but I kept that for myself. What, I'm gonna pay for my own printer subscription? I'm a hacker. Are you done? Yeah, I'm done. Okay, got the handshake data, let's go. All right, let's go. Okay, this is not going so well. And that's because even with our stolen lock, the cracking difficulty of one Wi-Fi password compared to the next can be dramatically different. A traditional lock and key might have only five or six values that differ and five or six possible heights for the teeth. WPA passwords, by contrast, can use any of the printable ASCII characters and be up to 63 characters long. That means that the total number of different passwords that could exist is... very high, or at least it would be if people weren't so gosh darn predictable. When you are expected to share a password with others, you are much less likely to select one that looks like this, and you are much more likely to select one that looks like this. So with a dictionary attack, where a list of words is used instead of random strings of characters, hackers can drastically reduce the number of passwords that they need to attempt down from 20 quadrigentillion apparently yes that is a real number to only hundreds of millions which might still sound like a lot until you consider that a single rtx 4090 can attempt over 2 million wpa2 passwords per second let's tackle a pretty typical 12 character password then with a number and a special character and yeah Armed with only a dictionary of a million common words combined with a mask of any non letter ASCII character I can take down your super secure, but still easy to say password in just seconds All right, then Linus if full sentence passphrases don't work. What do I do now? Well, you might try creating a password with a string of random Upper and lowercase letters with numbers and punctuation, which is actually great in theory but unfortunately, once again, people are predictable and they tend to do things like use mnemonic phrases for easier memorization. According to researchers at Carnegie Mellon, these phrases often tend to be based on popular media like Shakespeare or, more commonly, apparently, the Oscar Mayer Wiener jingle, making them susceptible to dictionary attacks all the same. You could use a password generator to create a long string of truly random characters and then only share your Wi-Fi credentials through QR codes. This has the benefits of being both secure and easy to use in most scenarios, but it can be a huge pain as soon as you need to connect a device that doesn't happen to have a camera. Or at least it would be a huge pain if you allowed those devices on your network at all. As it turns out, you don't really have to if you just make a new network for obnoxious devices that compromise your security. If all they need is internet access, a really great and fairly noob-friendly way to deal with this is to put them on your router's guest SSID. If they need more though, then you might have to learn about VLANs. Network security doesn't end at Wi-Fi security, and Wi-Fi security doesn't end at a strong password. Many routers do include an option to limit networks to WPA3 only, and while this does break backwards compatibility with older or less secure devices, having a second WPA2 network using a different password and with much stricter network access rules is a great option if you're willing to put in the time to learn about it. In fact, at that point, why stop at two networks? You could have one for your main devices, one for your IoT devices, and then a limited guest network for your visitors. It's a great way to really improve your network security, usually without having to purchase any additional hardware. Just like this is a great way to segue to our sponsor, Squarespace. Are you looking to create a website but lack the technical expertise? Squarespace is here to help. Their all-in-one platform simplifies the process of getting your website up and running quickly. With Squarespace, you can grow your business online through their marketing features, which include SEO support, email campaigns, and social tools. They offer a wide selection of award-winning, mobile-optimized templates, and their commerce platform provides everything you need for merchandising to check out. You can also access Analytic Insights to optimize your website's performance and identify areas that need improvement. If you require assistance, Squarespace has help guides and a 24/7 support team. So visit squarespace.com/ltt to receive 10% off your first purchase. If you guys enjoyed this video and you want a more detailed guide on how to improve your home network security, check out the time that I separated my main network from my IoT devices.
Info
Channel: Linus Tech Tips
Views: 1,390,580
Rating: undefined out of 5
Keywords: wifi, hacking, cracking, diy pc, networking, home network, router, wireless, infosec, network security, security, blackhat, whitehat, hashcat, pwnagotchi
Id: i9TJWsuzBLU
Channel Id: undefined
Length: 14min 22sec (862 seconds)
Published: Sat Mar 23 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.