
I am betting that 2015 will be the year of security…


Last year was a banner year for old-school hacks – remember Heartbleed and Shellshock – and those were missed by a lot of us because they were in stable code (or so we thought). Hundreds of thousands of us just focused on the newest apps and how we could exploit them. A few researchers went back over some of the mainstream code that we had all used for years and found some ‘features’ that we added a while back that could be exploited today. I am willing to bet that more and more people are taking the gloves off and trying all sorts of applications to find that 0-day that will make them famous.

As a self-proclaimed whitehat, I am interested in finding flaws for profit. Let me be clear, I am not interested in exploiting them or selling them to blackhats – no, for I am a security researcher. My intention is to help users identify weaknesses in the communication devices we use on a daily basis so that we can feel safe. There are a myriad of individuals who would love to collect anything about you, from advertisers who want to sell you things to our governments who want to monitor what you do with your time. When you add to that the kids that come home after school and just want something to do, along with the legitimate users who hack for profit, you have a lot of reasons to protect your online privacy.

Recently I put together a small computer that could be used to identify weak passwords by scanning your wireless networks. First we were able to install Linux on a single board computer and connect a wifi adapter that is used to ‘listen’ to your wireless. After a short amount of time (minutes if you have active traffic) we collect the traffic from your wireless network and package it up to be sent to our master server.

[0:08:20] starting wpa handshake capture on “BELLxxx”
[0:08:18] new client found: C4:62:EA:xx:xx:xx
[0:08:08] new client found: E8:61:7E:xx:xx:xx
[0:07:58] listening for handshake…
[0:00:22] handshake captured! saved as “hs/BELLxxx_34-8A-AE-xx-xx-xx.cap”

After approx. 10 minutes I was able to capture traffic from this WiFi AP that contains the pairwise transient key (PTK) that is exchanged when you authenticate using WPA2. If you are busy using your wireless we can capture it even faster!

Next we use GPUs (not CPUs) to check the passwords against a large database of millions of passwords. Normally this process would take days and days but by using the large processing power of video cards we are able to shorten that time frame to mere hours. When used together on one computer, multiple GPUs would take just minutes to try every possible combination.

Now with just one computer and an expensive video card we can test the combinations of pairwise master keys (known as PMKs) at an astounding rate…

Connecting to storage at ‘sqlite:///WPAcrack.db’… connected.
Parsing file ‘Xxxxx_20-AA-4B-xx-xx-xx.cap’ (1/1)…
Parsed 13 packets (13 802.11-packets), got 1 AP(s)

Attacking handshake with station e4:ce:8f:xx:xx:xx
Tried 144668765 PMKs so far (12.7%); 62770 PMKs per second.

At a speed of approx. 4 million per minute I can compare your authentication passphrase against my database of WPA passphrases. If you are not careful, someone just like me could guess your passphrase and connect to your network and you may not ever know it!
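To put the rate in the output above in perspective, the following added example (not code from the original post or from the tools quoted in it) derives a PMK the way WPA2-Personal does and estimates how long a passphrase would hold up at 62770 PMKs per second. The sample passphrases, the SSID "HomeAP" and the common-password list are constructed for illustration.

```python
import hashlib
import string

RATE = 62770                        # PMKs per second, from the output quoted above
TRIED, PERCENT = 144668765, 12.7    # progress line from the same output
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wordlist_hours(tried=TRIED, percent=PERCENT, rate=RATE) -> float:
    """Hours needed to run the whole candidate list implied by the progress line."""
    return tried / (percent / 100) / rate / 3600

def alphabet_size(passphrase: str) -> int:
    """Crude estimate: total size of the character classes the passphrase uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))

def exhaust_seconds(passphrase: str, rate=RATE) -> float:
    """Seconds to try every string of this length over this alphabet.
    An upper bound: it only holds if the passphrase was chosen at random."""
    return alphabet_size(passphrase) ** len(passphrase) / rate

def audit(passphrase: str, ssid: str, common: set) -> dict:
    """Summarise how a passphrase would hold up at the rate shown in the post."""
    return {
        "pmk": derive_pmk(passphrase, ssid).hex(),
        "in_common_list": passphrase in common,
        "exhaust_days": exhaust_seconds(passphrase) / 86400,
    }

if __name__ == "__main__":
    common = {"password", "12345678", "qwertyuiop"}          # constructed sample list
    print(f"full list at the post's rate: {wordlist_hours():.1f} hours")
    for pw in ("12345678", "password", "t7#Kq9vLm2xPzR4w"):  # constructed samples
        r = audit(pw, "HomeAP", common)                      # "HomeAP" is a made-up SSID
        print(f"{pw!r}: common={r['in_common_list']} days={r['exhaust_days']:.3g}")
```

Because the SSID is the salt, the same passphrase produces a different PMK on every network name, so a long, randomly generated passphrase combined with a non-default SSID is what moves the estimate from hours to effectively never.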

Now how important is it for you to patch your laptop, download new updates for your routers or cell phones or even verify that all your devices have the latest code (called firmware)? You have all of these devices that you need to make sure are patched, updated and not vulnerable to attack and all the hackers have to do is compromise just one of them!

Gives you a whole new outlook on ‘The Internet of Things’ doesn’t it?

Most of you might be asking yourselves ‘what can we do to protect ourselves’ right about now. There is a nice campaign put forth by the folks at SANS to help ‘secure the human’. (http://www.securingthehuman.org/)

There is also a nice poster that you can print and pass along to your family and friends – http://www.securingthehuman.org/media/resources/STH-Poster-CyberSecureHome-Print.pdf

For those of you who are serious about security (physical or virtual), you can hire a professional; we can help you evaluate your risk and then make suggestions on how best to focus your efforts to help remove it from your homes or offices.

Let’s hope 2015 isn’t the year you get hacked…

Categories: General, Work related