
Idappcom says ElcomSoft’s new software means companies are no longer secure when using WiFi

September 2010 by Idappcom

Idappcom, the data traffic analysis and security specialist, says that release of ElcomSoft’s Wireless Security Auditor software, which has been refreshed with the addition of enhanced WPA2 password brute force cracking, means that WiFi connections can no longer be considered secure.

As a result, says Anthony Haywood, the company’s chief technology officer, companies should consider moving to Ethernet/wireline connections for their company intranets and Internet access facilities.

"The update of EWSA means that, with the professional version installed, hackers can use a computer with up to 32 CPUs and 8 GPUs to crack WiFi encryption using a brute force attack," he said.

"Although the professional edition costs almost $1,200, it’s reportedly possible to download a trial version of the software and crack it using utility files available via filesharing networks," he added.

According to Idappcom’s CTO, whilst the irony of this situation won’t go unnoticed at ElcomSoft’s Russian headquarters, the reality is that the software can brute force crack as many as 103,000 WiFi passwords per second – which equates to more than six million passwords a minute – on an HD5390 graphics card-equipped PC.

Furthermore, says Haywood, if you extrapolate these figures to a multi-processor, multiple graphics card system, it can be seen that this significantly reduces the time taken to crack a company WiFi network to the point where a dedicated hacker could compromise a corporate wireless network.

“Our observation at Idappcom,” he added, “is that this is another irresponsible and unethical release from a Russian-based company that has clearly produced a ‘thinly disguised’ wireless network hacking tool with the deliberate intention of brute force hacking wireless networks.”

“The solution is clearly and intentionally priced within the grasp of any hacker or individual intent on malicious wireless attacks,” he said.

“Assuming you have no password and access control recovery system, if you do forget the password to a wireless network that you own, how difficult do you think it is to walk over to the device and press the reset button? In most situations resetting a wireless device, restoring a configuration and setting a new password is a process that can be achieved in minutes,” he added.

Idappcom’s CTO went on to say that, as we’ve seen with security researcher Moxie Marlinspike’s wpacracker.com Web-based wireless password cracking service, a WPA password can be cracked in under 20 minutes, and that service is getting on for almost two years old.

“Against this backdrop, and the capability of what this unethical software is capable of, it’s clear that the ElcomSoft application is a significant event in the wireless security timeline,” he said.

"While we always recommend that companies install an IP traffic analysis solution on their network, the arrival of the refreshed version of EWSA means that users can no longer trust that their WiFi connection - unless they use a VPN - is truly secure," he said.

"The irresponsible release of EWSA has profound implications for users of online banking and allied services, as well as company emails, which frequently contain company private information," he added.

“The even bigger question is whether a company using a wireless network on its premises can still be considered to be secure as far as the Data Protection Act is concerned, but that is a decision for the Information Commissioner’s Office to make.”

