WEBVTT

00:00:00.760 --> 00:00:08.719
hey get over here on the count of three your Wi-Fi password is going to appear

00:00:04.640 --> 00:00:12.679
on this monitor ready one two got

00:00:08.719 --> 00:00:14.679
him pretty neat trick huh and sure maybe

00:00:12.679 --> 00:00:18.960
I didn't get it for all of you but a shocking number of people are still

00:00:17.080 --> 00:00:22.800
either using the default password that came with their device or their phone

00:00:20.960 --> 00:00:29.080
number or a loved one's phone number which you may already know is a huge

00:00:26.160 --> 00:00:36.640
security problem how easy is it to crack these passwords well with the cenator

00:00:32.119 --> 00:00:38.719
password steel Metron AKA this van I can

00:00:36.640 --> 00:00:42.559
do it in seconds which would give me access to any shared resources on your

00:00:40.640 --> 00:00:47.120
network would allow me to use up your data limit and would even allow me to

00:00:44.760 --> 00:00:51.800
engage in illegal activities that would ultimately be traced back to you I'm

00:00:49.840 --> 00:00:56.760
going to show you how we built it and I'm going to give you guys the tools to

00:00:53.520 --> 00:01:00.719
stop people like me and today's video is

00:00:56.760 --> 00:01:03.079
brought to you by apost LT keycaps yes

00:01:00.719 --> 00:01:06.560
they're real and yes you can get them right now check them out at the link

00:01:04.600 --> 00:01:13.400
down below where you can get free us shipping Wi-Fi security historically has

00:01:09.520 --> 00:01:17.360
been a bit lacking in

00:01:13.400 --> 00:01:17.360
fact I'm working on

00:01:18.479 --> 00:01:23.600
it and if you're thinking that was a

00:01:21.560 --> 00:01:28.560
dramatic reenactment surely it's not that bad you're right because it's worse

00:01:26.280 --> 00:01:33.240
than you think whether we get chased off or not doesn't even matter we can grab

00:01:31.600 --> 00:01:38.479
everything we need from a target's Network in the 30 seconds that it takes

00:01:35.799 --> 00:01:43.240
them to spot us outside their house and walk out to confront us so if they're

00:01:40.600 --> 00:01:49.880
using any kind of phone number password I should be able to break through

00:01:45.920 --> 00:01:49.880
it this

00:01:50.079 --> 00:01:57.759
easily and it's done that was

00:01:54.759 --> 00:01:57.759
it

00:01:58.159 --> 00:02:05.079
yep why let me shock you to learn how easy it was to crack that Network's

00:02:02.759 --> 00:02:11.000
password it might also shock you to know that for the majority of Wi-Fi's life

00:02:07.360 --> 00:02:13.040
it's kind of been this way WEP was the

00:02:11.000 --> 00:02:17.840
first generation of Wi-Fi password protection to find widespread adoption

00:02:15.040 --> 00:02:21.360
and at first it was good enough especially compared to the alternative

00:02:19.319 --> 00:02:26.519
of your data just raw dogging it through the air unencrypted but it took

00:02:24.120 --> 00:02:30.599
technology only a few years to advance to the point where WEP could be cracked

00:02:28.879 --> 00:02:34.720
in under a minute the attack method was pretty

00:02:32.440 --> 00:02:39.200
straightforward every packet of data contained the password in some manner so

00:02:37.160 --> 00:02:43.760
if enough packets could be intercepted they could all be compared to find out

00:02:41.400 --> 00:02:49.360
what they had in common this was the reason for the switch to WPA 2 or Wi-Fi

00:02:47.040 --> 00:02:52.840
protected access which ditched the constant sending of the password

00:02:51.200 --> 00:02:58.200
simplifying the process down to a four-part handshake first the device

00:02:56.000 --> 00:03:03.200
tells the router it wants to connect then the router sends back a challenge

00:03:00.360 --> 00:03:07.799
key the device then mixes the challenge key with the password and returns it to

00:03:05.200 --> 00:03:11.480
the router finally the router sends back a session key and that gets used for the

00:03:10.040 --> 00:03:16.280
remainder of the time the device is connected for an observer then this is

00:03:14.360 --> 00:03:21.480
kind of like having a picture of the lock and knowing that a standard looking

00:03:18.720 --> 00:03:26.000
key opens the lock but having no idea what the exact shape of that key needs

00:03:23.319 --> 00:03:30.159
to be now they could attempt to brute force it but it would take forever and

00:03:28.519 --> 00:03:34.120
they would risk detection because they would need to be in range of the lock at

00:03:31.760 --> 00:03:39.959
all times this ended up being pretty effective for a while but wait a minute

00:03:37.519 --> 00:03:44.720
what if instead of just knowing what the lock looks like the hacker possessed a

00:03:42.480 --> 00:03:49.920
collection of exact replicas of the lock allowing them to try key after key after

00:03:46.840 --> 00:03:53.120
key without detection well that is

00:03:49.920 --> 00:03:55.720
exactly what we did by stealing the

00:03:53.120 --> 00:04:00.799
complete handshake packet we've obtained the challenge key and the result of

00:03:57.920 --> 00:04:05.120
mixing it with the password well at that point we can take that information to a

00:04:02.840 --> 00:04:10.959
safe location brute force it with the power of our cenator and then return to

00:04:07.840 --> 00:04:13.319
do our Shady business making things even

00:04:10.959 --> 00:04:18.359
simpler for Nells encryption cracking plays real nice with multiple cores with

00:04:16.160 --> 00:04:22.639
each core of a processor hypothetically being able to try a different key in

00:04:20.519 --> 00:04:28.400
unison and this might not mean that much for CPUs that have only a handful of

00:04:24.840 --> 00:04:31.880
cores or at most what 128

00:04:28.400 --> 00:04:35.800
192 well when it comes to gpus we are

00:04:31.880 --> 00:04:37.680
talking thousands of cores so while we

00:04:35.800 --> 00:04:43.360
obviously could put Hardware with this kind of password cracking capability

00:04:40.360 --> 00:04:45.960
into a mobile hacking station like this

00:04:43.360 --> 00:04:52.320
we don't even need to all right let's finally properly meet the Comino Grando

00:04:48.280 --> 00:04:53.240
RM now just so you remember the RTX 4090

00:04:52.320 --> 00:04:59.880
has 16,000 Cuda cores in it and this has six

00:04:57.360 --> 00:05:05.680
of those I haven't seen one of these for about 2 years every time Comino sends

00:05:02.479 --> 00:05:07.680
over a system they are so nice actually

00:05:05.680 --> 00:05:12.479
before I'm even in I can see something that is a huge improvement over the last

00:05:09.680 --> 00:05:17.560
one previously they were using SFX-L power supplies three of them which is

00:05:15.520 --> 00:05:21.080
not the best if you want to have a server this time we have proper server

00:05:19.400 --> 00:05:24.759
grade power supplies and there are four of them so I am kind of curious if it

00:05:23.400 --> 00:05:30.240
will just keep on running if you take one of them out maybe even two of them

00:05:26.880 --> 00:05:32.960
out I have never seen a 4090 like this

00:05:30.240 --> 00:05:37.960
this is strange so we have our power connectors right here which are uh not

00:05:36.039 --> 00:05:43.280
connected to anything at all cuz Comino have put power connectors on the back of

00:05:40.199 --> 00:05:46.280
these GPUs I have seen some PCBs with

00:05:43.280 --> 00:05:48.520
the pads for these power connectors but

00:05:46.280 --> 00:05:53.919
never anything actually installed like this it looks like Comino's made their

00:05:50.800 --> 00:05:55.880
own custom PCB for 12V high power

00:05:53.919 --> 00:05:59.639
connectors right here you can see that we have a couple extra and if they

00:05:57.440 --> 00:06:03.800
wanted they could have heaps absolute gobs and gobs of GPUs in this

00:06:01.880 --> 00:06:12.240
thing I take it this computer's extraordinarily loud yes

00:06:07.840 --> 00:06:15.039
very that's loud these run much

00:06:12.240 --> 00:06:20.160
quieter yeah and they also can't run any AI workload worth a damn compared to

00:06:17.199 --> 00:06:23.919
this thing they're quiet in the past Comino have had their servers set up so

00:06:22.160 --> 00:06:27.840
that you can kind of just put it in like your office and it would be fine we'd

00:06:25.560 --> 00:06:32.400
have like Noctua fans set up here that blow across the power supplies and the

00:06:30.360 --> 00:06:37.840
radiator at the same time this right here is clearly a lot more server grade

00:06:35.160 --> 00:06:42.440
with these absolutely chunktastic cut your finger off fans right here what

00:06:40.560 --> 00:06:48.120
hasn't changed though is how impressive their water cooling is in here we have a

00:06:45.560 --> 00:06:54.360
great big water cooling manifold that's Distributing in parallel water to our

00:06:51.039 --> 00:06:56.520
CPU and all of our gpus and then is

00:06:54.360 --> 00:07:01.120
taking all of that heat and dumping it into this great big radiator with those

00:06:58.759 --> 00:07:05.360
massive fans it looks like all of the water blocks are completely custom for

00:07:03.039 --> 00:07:09.720
Comino we've got these beautiful GPU ones that are just nice and small just

00:07:07.759 --> 00:07:14.039
look at how beautiful this VRM heat sink is over here it's just machined out of

00:07:11.800 --> 00:07:19.479
copper everything in here is just absolutely beautiful 32 GB I think the

00:07:17.400 --> 00:07:24.720
last one that we had all of them were 64 so not too much RAM 256 is still a lot

00:07:23.120 --> 00:07:28.800
though so Tanner have you done everything that you need to do with this

00:07:26.240 --> 00:07:35.599
for the video yeah have you tested the power supply

00:07:30.039 --> 00:07:35.599
redundancy no should we we can do

00:07:36.800 --> 00:07:44.599
that all right let's see if these power supplies are redundant this is a very

00:07:41.039 --> 00:07:48.240
simple test the computer is

00:07:44.599 --> 00:07:50.680
on the computer is still on good job

00:07:48.240 --> 00:07:55.319
guys one thing that isn't very server-like with this is the I/O we have heaps

00:07:53.120 --> 00:08:01.000
of USB ports right here normally on a server board you only get like two we

00:07:57.120 --> 00:08:05.039
also have 2 10 gig and Intel ax200 Wi-Fi

00:08:01.000 --> 00:08:08.280
which will get you Wi-Fi 6E and WPA3 for

00:08:05.039 --> 00:08:10.280
that good good high security Wi-Fi ah

00:08:08.280 --> 00:08:15.599
yes while hackers and crackers were working to defeat it WPA was doing some

00:08:13.360 --> 00:08:22.400
leveling up of its own and it's a pretty safe bet that any Wi-Fi 6 device will be

00:08:18.039 --> 00:08:24.599
using WPA 3 encryption what's changed

00:08:22.400 --> 00:08:29.000
well the new dragonfly handshake method aims to make it much more difficult to

00:08:26.720 --> 00:08:34.200
observe the handshake process and crack the password offline but along with a

00:08:31.960 --> 00:08:39.279
few smaller vulnerabilities does have one major flaw that still persists if

00:08:37.399 --> 00:08:44.640
your network contains any devices that were made before WPA 3 or one of the few

00:08:42.680 --> 00:08:50.160
devices made after that that just doesn't support it like say for example

00:08:46.760 --> 00:08:53.120
an HP printer your router will fall back

00:08:50.160 --> 00:09:01.760
to WPA2 for that device unless it is explicitly told not to that is our entry

00:08:58.279 --> 00:09:04.600
point okay wow thanks Linus yeah no

00:09:01.760 --> 00:09:04.600
problem see you later

00:09:05.600 --> 00:09:13.320
buddy let's hope things go a little better with victim number two about a

00:09:09.839 --> 00:09:15.000
week ago I gave them an HP printer and

00:09:13.320 --> 00:09:18.880
as long as they didn't get far enough in the setup process to realize HP requires

00:09:17.160 --> 00:09:22.880
them to have a subscription just to use the ink in the box they're going to have

00:09:21.000 --> 00:09:26.320
that on their network doesn't that come with like a trial or something yeah but

00:09:24.760 --> 00:09:31.360
I kept that for myself what I'm going to pay for my own printer subscription I'm

00:09:28.360 --> 00:09:31.360
a hacker

00:09:32.920 --> 00:09:41.240
are you done yeah I'm done okay got the handshake data let's let's go let's

00:09:38.079 --> 00:09:43.480
go okay this is not going so well and

00:09:41.240 --> 00:09:47.680
that's because even with our stolen lock the cracking difficulty of one Wi-Fi

00:09:45.600 --> 00:09:53.399
password compared to the next can be dramatically different a traditional

00:09:50.440 --> 00:09:58.079
lock and key might have only five or six values that differ and five or six

00:09:55.399 --> 00:10:03.600
possible Heights for the teeth WPA passwords by contrast can use any of the

00:10:00.440 --> 00:10:05.839
printable ASCII characters and be up to 63

00:10:03.600 --> 00:10:09.320
characters long that means that the total number of different passwords that

00:10:07.760 --> 00:10:16.959
could exist is very high or at least it would be if

00:10:13.800 --> 00:10:18.440
people weren't so gosh darn predictable

00:10:16.959 --> 00:10:21.920
when you are expected to share a password with others you are much less

00:10:20.440 --> 00:10:26.320
likely to select one that looks like this and you are much more likely to

00:10:23.760 --> 00:10:30.760
select one that looks like this so with a dictionary attack where a list of words

00:10:28.800 --> 00:10:34.519
is used instead of random strings of characters hackers can drastically

00:10:32.959 --> 00:10:40.120
reduce the number of passwords that they need to attempt down from 20 Quadra

00:10:37.720 --> 00:10:45.440
gentian apparently yes that is a real number to only hundreds of millions

00:10:43.040 --> 00:10:52.079
which might still sound like a lot until you consider that a single RTX 4090 can

00:10:48.240 --> 00:10:54.720
attempt over 2 million WPA2 passwords

00:10:52.079 --> 00:11:00.560
per second let's tackle a pretty typical 12 character password then with a number

00:10:56.880 --> 00:11:03.720
and a special character

00:11:00.560 --> 00:11:05.560
and yeah armed with only a dictionary of

00:11:03.720 --> 00:11:10.720
a million common words combined with a mask of any non-letter ASCII character I

00:11:08.000 --> 00:11:17.720
can take down your super secure but still easy to say password in just

00:11:14.399 --> 00:11:20.079
seconds all right then Linus if full

00:11:17.720 --> 00:11:25.720
sentence passphrases don't work what do I do now well you might try creating a

00:11:22.880 --> 00:11:30.680
password with a string of random upper and lowercase letters with numbers and

00:11:27.959 --> 00:11:35.920
punctuation which is actually great in theory but unfortunately once again

00:11:34.079 --> 00:11:41.120
people are predictable and they tend to do things like use mnemonic phrases for

00:11:38.800 --> 00:11:44.880
easier memorization according to researchers at Carnegie Mellon these

00:11:43.200 --> 00:11:49.279
phrases often tend to be based on popular media like Shakespeare or more

00:11:47.279 --> 00:11:54.040
commonly apparently the Oscar Mayer Wiener jingle making them susceptible to

00:11:51.600 --> 00:11:59.240
dictionary attacks all the same you could use a password generator to create

00:11:56.120 --> 00:12:00.760
a long string of truly random characters

00:11:59.240 --> 00:12:05.600
and then only share your Wi-Fi credentials through QR codes this has

00:12:03.279 --> 00:12:11.120
the benefits of being both secure and easy to use in most scenarios but it can

00:12:08.839 --> 00:12:16.480
be a huge pain as soon as you need to connect a device that doesn't happen to

00:12:13.199 --> 00:12:18.480
have a camera or at least it would be a

00:12:16.480 --> 00:12:22.560
huge pain if you allowed those devices on your network at all as it turns out

00:12:21.000 --> 00:12:27.839
you don't really have to if you just make a new network for obnoxious devices

00:12:25.480 --> 00:12:32.519
that compromise your security if all they need is internet access a really

00:12:30.199 --> 00:12:36.160
great and fairly Noob friendly way to deal with this is to put them on your

00:12:34.560 --> 00:12:41.959
router's guest SSID if they need more though then you

00:12:39.360 --> 00:12:46.839
might have to learn about VLANs network security doesn't end at Wi-Fi security

00:12:44.639 --> 00:12:52.040
and Wi-Fi security doesn't end at a strong password many routers do include

00:12:49.680 --> 00:12:57.040
an option to limit networks to WPA 3 only and while this does break backwards

00:12:55.000 --> 00:13:03.600
compatibility with older or less secure devices having a second WPA 2 network

00:13:00.360 --> 00:13:06.720
using a different password and with much

00:13:03.600 --> 00:13:08.560
stricter network access rules is a great

00:13:06.720 --> 00:13:13.320
option if you're willing to put in the time to learn about it in fact at that

00:13:11.079 --> 00:13:17.720
point why stop at two networks you could have one for your main devices one for

00:13:15.399 --> 00:13:21.959
your IoT devices and then a limited guest Network for your visitors it's a

00:13:19.839 --> 00:13:26.320
great way to really improve your network security usually without having to

00:13:24.079 --> 00:13:29.680
purchase any additional Hardware just like this is a great way to segue to our

00:13:28.680 --> 00:13:36.360
sponsor Squarespace are you looking to create a website but lack the technical expertise

00:13:34.320 --> 00:13:39.800
Squarespace is here to help their all-in-one platform simplifies the

00:13:38.279 --> 00:13:43.279
process of getting your website up and running quickly with Squarespace you can

00:13:41.600 --> 00:13:48.079
grow your business online through their marketing features which include SEO

00:13:45.399 --> 00:13:51.759
support email campaigns and social tools they offer a wide selection of

00:13:49.600 --> 00:13:55.240
award-winning mobile optimized templates and their Commerce platform provides

00:13:53.360 --> 00:13:59.360
everything you need from merchandising to checkout you can also access analytic

00:13:57.560 --> 00:14:03.160
insights to optimize your website performance and identify areas that need

00:14:01.639 --> 00:14:08.480
Improvement if you require assistance Squarespace has help guides and a 24/7

00:14:05.759 --> 00:14:13.759
support team so visit squarespace.com/LTT to receive 10% off your first

00:14:11.800 --> 00:14:16.560
purchase if you guys enjoyed this video and you want a more detailed guide on

00:14:15.360 --> 00:14:23.759
how to improve your home network security check out the time that I separated my main network from my IoT

00:14:20.759 --> 00:14:23.759
devices
