14th TS displays cyberattack defenses Published March 31, 2015 By Airman 1st Class Rachel Loftis 99th Air Base Wing Public Affairs 3/26/2015 -- NELLIS AIR FORCE BASE, Nev. -- The mission of the United States Air Force is to fly, fight, and win in the air, space and cyberspace. For the sixth year in a row, the Air Force Reserve's 14th Test Squadron -- a fully integrated operational testing partner within the U.S. Air Force Warfare Center here -- showcased current issues in cyberspace and the ways to defend against them. The annual Armed Forces Communications and Electronics Association Cyberspace Symposium, recently held in Colorado Springs, Colorado, provided a national forum for facing and solving the challenges of cybersecurity, community cyber readiness, and national defense. The 14th TS encompassed the principle of fighting in cyberspace by presenting five current risks. These risks included Wi-Fi exploitation, cantenna, powerPWN, malicious hotspot and radio frequency skimming. Wi-Fi exploitation During the symposium, the squadron displayed the vulnerabilities of wireless routers by not disabling the wireless protected setup feature on a wireless router they had purchased on base. Most current Wi-Fi routers come with WPS enabled by default. The WPS pin number was actively attacked by the 14th TS and returned the Wi-Fi password after an hour. "Today, 'cyber' is the big buzz word," said Maj. Marc Weber, 14th TS technical director. "I believe when a word becomes a buzz word, it loses its meaning in reality. This cyberspace symposium is great opportunity for us to showcase exactly how cyber criminals can exploit their victims in everyday routines," Weber explained "For example, our Wi-Fi demonstration discovered the WPA2 encryption key of a standard home router within hours using a WPS exploit. How many people have Wi-Fi routers in their homes and have not disabled the default WPS setting because they do not know it is a broken protocol?" Cantenna The 14th TS successfully built a cantenna, which is a signal amplifier, for under $20 using a potato chip can and common copper pipe. According to the 14th TS, theoretically, the antenna is capable of picking up a Wi-Fi signal by reaching over 10 miles making exploitation a larger issue. PowerPWN The squadron explained how easy it is to disguise a malicious device known as a powerPWN, into an everyday item such as a power strip. This device can compromise and control a network remotely. 'PWN' is an internet slang term for own or dominate. Malicious hotspot The squadron also stressed the importance of Wi-Fi hotspot security. "The 14th TS had a live hotspot running that would reroute all web pages to a warning page about the dangers of joining an unknown hotspot," said Weber. "A Wi-Fi hotspot can be used by cyber criminals to trick mobile users into using the hotspot and then capture their credentials when they sync their emails." Radio frequency skimming The squadron touched on "radio frequency skimming," which is used to steal credentials from credit cards, restricted area badges and room keys from up to four feet away from a victim. Radio frequency skimming is a cybercrime which uses the radio frequency identification chip embedded in a debit, credit, access control or government issued identification cards. These cards use radio waves to transmit the holder's information simply by swiping it in the proximity of a card reader. Criminals are using this technology to steal people's identities. There are ways to prevent RFID skimming such as purchasing a wallet that blocks RFID transmissions, wrapping each card in aluminum foil, and even using and old coffee bag as a cover for a current wallet. The symposium included several senior leader military keynote speakers from all around the U.S. military who focused and highlighted many achievements and goals, as well as challenges faced in the cyber world. "The cyberspace symposium is a great forum among civilians, government employees and military professionals to talk all things cyberspace," said Lt. Col. Rob Jackson, 14th Test Squadron commander, "For the 14th Test Squadron, the symposium is a great opportunity to demonstrate our cyberspace testing capabilities as well as represent the 926th Wing and Air Force Reserve Command, at this year's symposium, we also had a cyberspace operations officer from the 17th Test Squadron, which is our active component associate. The symposium has really become a true total force integration effort for us to demonstrate our testing capabilities and highlight vulnerabilities that exist in the cyberspace domain."