'Password recovery' software means companies are no longer secure when using WiFi

The pronouncement comes as Idappcom has launched v2.0 of its Traffic IQ automated audit and vulnerability assessment software, which was unveiled at the 360°IT show last week in London.

Because of the power of the ElcomSoft package, Anthony Haywood, Idappcom's chief technology officer, says that businesses should consider moving to Ethernet/wireline connections for their company intranets and internet access facilities.

"The update of EWSA means that, with the professional version installed, hackers can use a computer with up to 32 CPUs and 8 GPUs to crack WiFi encryption using a brute force attack", he said.

"Although the professional edition costs almost $1,200, it's reportedly possible to download a trial version of the software and crack it using utility files available via filesharing networks", he added.

According to Idappcom's CTO, whilst the irony of this situation won't go unnoticed at ElcomSoft's Russian headquarters, the reality is that the software can brute-force as many as 103 000 WiFi passwords per second – which equates to more than six million passwords a minute – on an HD5390 graphics card-equipped PC.

Furthermore, says Haywood, if you extrapolate these figures to a multi-processor, multiple graphics card system, it significantly reduces the time it takes to crack a company WiFi network to the point where a dedicated hacker could compromise a corporate wireless network.

Idappcom's observation is that the release of the software is another irresponsible and unethical release from a Russian-based company that has clearly produced a 'thinly disguised' wireless network hacking tool with the deliberate intention of brute force hacking wireless networks.

"The solution is clearly and intentionally priced within the grasp of any hacker or individual intent on malicious wireless attacks", he said.

"Assuming you have no password and access control recovery system, if you do forget the password to a wireless network that you own, how difficult do you think it is to walk over to the device and press the reset button? In most situations resetting a wireless device, restoring a configuration and setting a new password is a process that can be achieved in minutes", he added.

Haywood says that, whilst his firm would always recommend that companies install an IP traffic analysis solution on their network, the arrival of the refreshed version of EWSA means that users can no longer trust that their WiFi connection – unless they use a VPN – is truly secure.

"The irresponsible release of EWSA has profound implications for users of online banking and allied services, as well as company emails, which frequently contain company private information", he said.

"The even bigger question is whether a company using a wireless network on its premises can still be considered to be secure as far as the Data Protection Act is concerned, but that is a decision for the Information Commissioner's Office to make", he added.
