UPDATE: Reaver Pro now available on the HakShop!
Yesterday, Stefan over at .braindump released a white paper detailing vulnerabilities in the WiFi Protected Setup (WPS) protocol that allow attackers to recover WPA/WPA2 passphrases in a matter of hours.
This is a capability that we at TNS have been testing, perfecting and using for nearly a year. But now that this vulnerability has been discussed publicly we have decided to announce and release Reaver, our WPS attack tool, to the open source community. Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).
While we have released Reaver as an open source project, we also offer a commercial version with additional features and functionality as well as a support plan. Since nearly all access points manufactured in the past few years have WPS support enabled by default, attacking WPS provides several advantages over attacking WPA directly:
- Cracking the WPS pin is, obviously, much faster.
- Once you have the WPS pin you can instantly recover the WPA passphrase, even if the owner changes the passphrase.
- Access points with multiple radios (2.4/5GHz) can be configured with multiple WPA keys. Since the radios use the same WPS pin, knowledge of the pin allows an attacker to recover all WPA keys.
Of course, the disadvantage is that WPS can be disabled. However, in our experience even security experts with otherwise secure configurations neglect to disable WPS; further, some access points don't provide an option to disable WPS, or don't actually disable WPS when the owner tells them to.
To learn more about Reaver, visit our product page, or the open source project on Googlecode.
Columbia, Maryland (March 10, 2011) - Terry Dunlap and Peter Eacmen, partners of Tactical Network Solutions (TNS), will be making presentations at the 6th CyberWatch Mid-Atlantic CCDC (Collegiate Cyber Defense Competition) held at the Kossiakoff Center at The Johns Hopkins University Applied Physics Laboratory this weekend, March 10-12, 2011.
- How Your Computer Got p0wn’d! Security Updates & Patch Management: Saturday, March 12, 2011, 2:00 - 3:00 p.m.
Microsoft, Apple and various Linux distributions now incorporate some type of automated update system to keep a user’s computer relatively safe from exploits and malware. However, many people and corporations fail to properly configure these automatic updates, leaving them vulnerable to attack and exploitation. Others choose not to apply the security updates out of fear of breaking something or because of a lack of knowledge.
A live demonstration will illustrate the consequences of neglecting security updates on a Windows XP computer. Proper auto update configurations will be explained to avoid becoming a victim.
- Insecurities in Universal Plug & Play: Saturday, March 12, 2011, 3:00 - 4:00 p.m. and 4:00 - 5:00 p.m.
Universal Plug & Play (UPnP) is a convenient technology found in many embedded devices, such as home routers and wireless access points. The purpose of this technology is to allow various heterogeneous, network-enabled devices (e.g., phones, video game consoles, DVRs, etc.) to seamlessly communicate to the outside world without user configuration. To this end, UPnP devices automatically make firewall changes to a user’s network without their knowledge.
A live demonstration will illustrate the insecurities of modern day wireless access points with UPnP. Steps to secure the network against such attacks will be discussed and demonstrated.
About the 6th CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition: The competition pits student teams from two- and four-year colleges and universities against "red team" hackers who are trying to disrupt and compromise their networks. Students are focused on the operational aspects of managing and protecting a network infrastructure. Teams are scored based on their ability to detect and respond to outside threats, maintain availability of existing services (e.g., e-mail servers), respond to business requests (e.g., add user accounts), and balance security needs against business needs. The winner of the Mid-Atlantic CCDC will advance to represent the region in the National CCDC, April 8-10, in San Antonio.
For more information about the competition including the agenda, please visit www.midatlanticccdc.org/CCDC/.
About Tactical Network Solutions: Tactical Network Solutions, LLC (TNS) provides custom cyber capabilities, network warfare support, and expert consultation to government agencies, law enforcement, and other security-conscious organizations. Founded in 2007, TNS employs researchers with various backgrounds in software engineering, vulnerability analysis, reverse engineering, and wireless technologies. The goal of TNS is to provide quick-response solutions to the technical challenges faced by modern day tactical military units, government agencies, and the private sector.
About NeoTech Incubator: The NeoTech Incubator, a program of Howard County’s Center for Business and Technology Development, helps entrepreneurs develop thriving technology companies. NeoTech accelerates the growth and success of emerging technology businesses through access to resources, information, and a community of excellence. The NeoTech Incubator is a three-time winner of the National Business Incubation Association’s Innovation Award. To learn more about the NeoTech Incubator and The Center for Business and Technology Development, visit www.thecenter.biz.
About The Center for Business and Technology Development: Founded in May 2000, The Center is dedicated to the discovery, stimulation, nurturing, growth, and success of entrepreneurship in Howard County. It has earned a reputation for providing valuable assistance to its clients and for creating innovative programs that foster entrepreneurship in the region. The Center provides assistance to more than 1,500 entrepreneurs annually through its unique combined services platform. A “one stop shop” for entrepreneurial services, The Center supports small and medium sized businesses through its Business Resource Center, NeoTech Incubator, and Howard Technology Council. Find more information at www.thecenter.biz.
The Center for Business and Technology Development is part of the Howard County Economic Development Authority, a public-private partnership whose primary goal is to promote economic growth and stability by supporting existing businesses, targeting new businesses, and attracting corporate/regional headquarters. The Authority also maintains several programs aimed at the special needs of small, minority-owned, and agricultural business communities. Additionally, the Authority strives to preserve the distinctive quality of life in Howard County. The Authority can be reached at www.hceda.org.
HCEDA Press Release can be found at HCEDA News & Information.
Washington, D.C. (January 29, 2011) - On a nondescript residential street near Dupont Circle, passersby at 2142 Newport Place might have noticed a nondescript sign affixed to the wall with blue painter's tape. To the uninitiated, this sign might seem comical, corporate, or simply unnoticeable. But to a core group of ShmooCon 2011 attendees and friends of Tactical Network Solutions, this was an indication that they had finally stumbled off the cold January streets of D.C. and arrived at the Safe House.
The Safe House, designated so not only for its protection from the weather and the bustle of conference attendees, but also because of the secured network traffic available to its guests, was host to a lavish house party on day 2 of ShmooCon 2011. Tactical Network Solutions, hopefully starting a company tradition, rented the house on Dupont Circle to act as a headquarters for the company's conference attendance. "Given the proximity to the conference and the private space available, a party was inevitable," commented one TNS employee who wished to remain anonymous due to their voice performance on Rock Band.
ShmooCon is a hacker convention that naturally attracts the members of TNS. It is three days of an "interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues" (shmoocon.org). The conference's popularity is underscored by the fact that tickets are usually sold out within seconds of being made available. Because of this, the Safe House also featured live streaming from the conference on a big screen TV for interested employees who could not get into the conference.
"I wanted particularly to come to ShmooCon because this is my community, this is where I'm from" was an often-repeated sentiment by Johnny Long and others at the conference. This sense of community contributed hugely to the success of the Safe House party, which had an intimate feel even for newly met acquaintances. "The goal of the party was to connect with current and future customers in a more relaxed environment," said Terry Dunlap, CEO of Tactical Network Solutions, "it was a success."
Columbia, Maryland (October 15, 2010) - Alexandra Fodel of Atholton High School in Columbia, Maryland and part of the 2010 Leadership U, Howard County class joined Tactical Network Solutions today as part of Leadership U's Shadow Day program.
Leadership U Shadow Day kicked off with a breakfast ice breaker hosted at Turf Valley Golf Course and Resort. After coffee and continental breakfast, companies were introduced to their students, who had preselected who they would like to shadow. Diane Freedman, Director of Youth Programs, and Ken Ulman, Howard County Executive, spoke to the assembled group, encouraging students that the companies volunteering were interested in their success, and to use the time to either discover a new profession, or perhaps to decide if a profession wasn't quite in their interest.
Alexandra mentioned that she had chosen to shadow Tactical Network Solutions because she was interested in programming, and perhaps hacking, and because she had already taken a computer science course at her high school. After a brief orientation at the Tactical Network Solutions offices in the HCEDA NeoTech Incubator, Alexandra participated in a demo "war driving" exercise, driving around the Columbia Town Center collecting wireless access point information. The exercise also involved a scheduled test of software that is currently in development at Tactical Network Solutions.
After lunch, John Harmon gave Alexandra a brief programming tutorial in Python, including creation of a simple Python script. Later in the day, Peter Eacmen taught Alexandra how to solder a through-hole printed circuit board, and she successfully created a "Tiny Cylon" PCB, a board with 5 LED lights that animate to create the Cylon eye effect from Battlestar Galactica.
Everyone at Tactical Network Solutions was very impressed with Alexandra, her professionalism, and her interest. She assisted in planned tests and activities, and was extremely helpful. "We're confident that Alexandra has a bright future ahead of her, and her enthusiasm has encouraged us to participate in Leadership U Shadow Day in the future," said Peter Eacmen.
Leadership U is a four-month program for high-school-aged students, whose purpose is to get students involved in solving community issues as well as developing future county and community leaders. Leadership U consists of a week-long summer program, a fall practicum involving community service projects, and a shadow day, which provides students with the opportunity to spend time with community leaders to learn how businesses and organizations function.
Columbia, Maryland (September 27, 2010) - Terry Dunlap, Chief Executive Officer of Tactical Network Solutions (TNS), joined President Obama at the White House this afternoon to witness the signing of the Small Business Jobs Act of 2010. Tactical Network Solutions is located at the NeoTech Incubator at the Center for Business and Technology Development in Columbia, Maryland.
Dunlap was one of a select group of small business owners invited to attend the signing ceremony, an honor that developed in a very condensed time frame. Dunlap’s closing on a business line of credit for TNS was delayed when a representative from his bank, M&T, contacted him to recommend waiting until after the Act was signed into law. The postponement eliminates up to $3,000.00 in fees required by the Small Business Administration (SBA) before the Act’s passage. As the owner of a start up business, Dunlap was grateful for his bank’s timely, proactive advice and made the sound decision to avoid significant fees. Within the next few days, M&T contacted Dunlap again to ask questions on behalf of the SBA regarding the Act’s impact on his business.
Dunlap notes, “There were questions about the type of business I have – I am in the cyber industry – and how this bill might benefit my firm. My business is at an early stage in its existence, making those several thousands of dollars in fees quite burdensome. Obtaining the line of credit allows me to hire at least three, and perhaps up to five new employees immediately.”
Dunlap answered the questions and sent M&T additional information on his firm and its employees for SBA use. Late Friday afternoon Dunlap’s phone rang again; this time it was the White House Small Business Outreach Office asking him to attend the Act’s signing on Monday. Surprised and pleased, he accepted the invitation.
“Small businesses are the source of most innovation and job creation in our economy. Access to capital is critical for their survival and growth, and that access has been severely constricted lately. Hearing of M&T’s strong support of our mutual client, Tactical Network Solutions, and learning about the new jobs this line of credit will facilitate is exciting, encouraging news,” said Linda Burger, Senior Vice President at the Center for Business and Technology Development.
Related news items:
- Original Howard County Economic Development Authority Press Release
- White House Bill Background Summary
- Maryland Governor O'Malley's Press Release
- Politico News Coverage