Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Wireless Networking Security Windows IT Linux

Windows 7 Can Create Rogue Wi-Fi Access Point 123

alphadogg writes "Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed." While this means a bit more policing for networks meant to be locked down, it sounds like a good thing overall. Linux users, meanwhile, have had kernel support (since 2.6.26) for 802.11s mesh networking, as well as Host AP support for certain chipsets.
This discussion has been archived. No new comments can be posted.

Windows 7 Can Create Rogue Wi-Fi Access Point

Comments Filter:
    • Re: (Score:3, Interesting)

      by jhaar ( 23603 )

      Actually, can someone explain to me what the real difference is between "master mode" and AdHoc or mesh networks?

      Why is it that only a few chipsets can "do" proper full-blown "master mode" (ie be an Access Point), and yet other chipsets can be used as AdHoc or mesh? I mean - what's the fundamental difference? I've been through this with Linux systems and can't understand why I can't just grab any WLAN card, bring up the interface and whack a DHCP server on it - why doesn't that work for them all?

      Just wonder

      • Re: (Score:3, Interesting)

        by Cyberax ( 705495 )

        "Master mode" means that your computer works as a central access point, other computers use it to relay the data.

        "Ad-hoc" is a special mode for masterless networks, but it allows to connect only two computers (in essence, wireless channel becomes an analog of good old Ethernet cable).

        "Mesh mode" is 'ad hoc' on steroids, it allows any number of computers to connect and uses dynamic routing.

        Master mode requires certain additional functionality from your card (managing connections, transmitting SSID informatio

  • by Josh04 ( 1596071 ) on Friday February 19, 2010 @06:44PM (#31206058)
    Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.
    • by goldaryn ( 834427 ) on Friday February 19, 2010 @06:49PM (#31206112) Homepage

      Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

      True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do

      Watch us both get modded down now

      • Re: (Score:3, Insightful)

        Slashdot reported on it earlier, then it was complaining that it wasn't finished. Now it's complaining that it can be made to work.

        http://mobile.slashdot.org/story/09/11/03/1649246/Unfinished-Windows-7-Hotspot-Feature-Exploited?from=rss [slashdot.org]

        "It wasn't all that long ago that Microsoft was talking up the Virtual WiFi feature developed by Microsoft Research and set for inclusion in Windows 7, but something got lost along the road to release day, and the functionality never officially made it into the OS. As you might expect with anything as big and complicated as an operating system though, some of that code did make it into the final release, and there was apparently enough of it for the folks at Nomadio to exploit into a full fledged feature. That's now become Connectify, a free application from the company that effectively turns any Windows 7 computer into a virtual WiFi hotspot — letting you, for instance, wirelessly tether a number of devices to your laptop at location where only an Ethernet jack is available, or even tether a number of laptops together at a coffee shop that charges for WiFi."

        • by natehoy ( 1608657 ) on Friday February 19, 2010 @07:51PM (#31206574) Journal

          No, a VENDOR who wants to sell you lockdown software is complaining that it can be made to work.

          • Re: (Score:3, Insightful)

            Comment removed based on user account deletion
            • But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

              Because most people using their laptop in a coffee shop and setting it up as a wifi hotspot are not going to be business users with a large corporate IT department behind them (mainly because such users will have had it di

              • the number of businesses who do not have a large corporate IT department (or a competent one)

                So that's most of them then!

                That's one of the things that people say is good about Windows - that it's so easy, anyone can use it.

                They may say that - both they are wrong.

                • Keeping Windows secure (locking stuff down, separating user and admin accounts, installing and updating anti-malware, etc.) is too hard for most home users I know. Why do you think IE has a porn browing mode? Because the whole family shares a single login.
                • Installing software on Windows is difficult (compared to Linux as long as its in the repos, anyway)
                • The Windows UI is very familiar because it is widely used, but it is not actually particu
                • Re: (Score:3, Funny)

                  by mr_mischief ( 456295 )

                  Using Windows is very easy so long as you don't expect to install it with decent hardware support OOTB or with decent security OOTB. It's so easy to use that within an hour online, it's often being used by someone the owner never intended. ;-)

              • Comment removed (Score:5, Insightful)

                by account_deleted ( 4530225 ) on Saturday February 20, 2010 @03:02AM (#31208568)
                Comment removed based on user account deletion
                • Well if they pay bottom dollar and and only hire the cheapest most underpaid flunky they can get to save a few buck, and they get pwned, I should care....why exactly?

                  Because those pwned computer send you spam.

              • by verbal ( 24849 )

                Doesn't anyone feel sad about this?

                IT is not something you do on the side or just start off without getting real training.

                IT is serious. If the sector does not 'grow up', business people will have justified nightmares about IT costing too much money and bringing not enough value.

                Shake the tree!

      • by CharlyFoxtrot ( 1607527 ) on Friday February 19, 2010 @08:30PM (#31206822)

        Never forget - computers do what you tell them to do, not what you meant them to do

        I have a mac you insensitive clod, it does what His Steveness (peace be upon him) meant it to do.

      • by gmuslera ( 3436 )

        computers do what you tell them to do, not what you meant them to do

        Who is "you" there? The user? Microsoft? others?

        In both activating that requires admin/root access, or giving admin access to a program that do that for you.

        That program could be a trojan. Still, you have to run that trojan as admin. Now, running an untrusted binary in linux, as admin, even if is for your architecture, seems to require a bit more complex effort in the social engineering side than in Windows to make you run it. And don't know how many windows owners do their normal use of their machines

      • True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do

        The Anti-Microsoft bias is retarded, but it does highlight a problem. A problem, mind you, which has existed since Microsoft introduced Internet Connection Sharing in, what, Windows 98? Or was it from Windows 95 OSR2? The fix is to use IPSEC with per-machine certificates (ow! administration nightmare) to a gateway device for all communications. You don't need to encrypt, only to authenticate the host (AH, no ESP.) Perhaps you could also lock it down by MAC at the same time, which is only slightly useful wit

    • by goldaryn ( 834427 ) on Friday February 19, 2010 @06:55PM (#31206166) Homepage
      Insightful? He's got the century wrong!
    • Hey! We've totally had that since 19VV!
      • 2.6.26 is less than 2 years old. Not too much to brag about since Linux is on a much more rapid development cycle than Windows.

    • by Draek ( 916851 )

      Actually, it should be "Linux has had feature W since 20VV" since its about Windows' and Linux' capabilities to work as a WiFi access point which, as TFS states, is actually a pretty useful feature in many scenarios. The only problem with Windows' implementation is that its presumably(*) turned on by default, which can be problematic in some enviroments from a security standpoint.

      (*) "presumably" because TFA is awfully thin on details, and is fairly unapologetic about being an ad for some security company's

    • Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

      You got that last bit wrong. It's "Linux has had feature X since 21VV, the 'Year of the Linux Desktop'."

    • Er, no. In this case, Linux has features Q and R, which aren't anything like X, but chances are nobody will notice.

    • Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

      Hmmm... The same year Dr. Wily tried to take over the world.. again!

      Coincidence, I think not!

  • by hkz ( 1266066 ) on Friday February 19, 2010 @06:45PM (#31206062)

    Ghost ridin' the whip! No seriously, I've been wanting to use the Linux host AP features to bring up a mischievous AP that does man-in-the-middle attacks. I'd be connected to some open wifi somewhere, and someone would connect to my netbook and also see an open access point. I'd then give them the upside-downternet: http://www.ex-parrot.com/pete/upside-down-ternet.html [ex-parrot.com]

    • by MrEricSir ( 398214 ) on Friday February 19, 2010 @06:48PM (#31206102) Homepage

      I think you mean "ghost ride the WEP."

    • by hkz ( 1266066 )

      Note: I was deliberately playing down the consequences of that scenario. You could "own" someone pretty thoroughly if that someone was uninformed enough (which 90% of people are) to send sensitive stuff over the network unencrypted. Which is why I use ssh tunnels to a trusted server whenever I'm on an open AP.

      • I think I need to introduce you to SSLStrip and Moxie Marlinspike.. http://www.thoughtcrime.org/software/sslstrip/ [thoughtcrime.org]

        Unencrypted sensitive data isn't even necessary.

        • SSLStrip does nothing to disable SSL. If you see the video posted in your link - the guy types "http://gmail.com" and instead of being sent to "https://www.google.com/accounts/ServiceLogin?" to login, he is being redirected to "http://www.google.com/accounts/ServiceLogin?". That is SSL is still safe, provided you take notice of whether you are on an encrypted page or not.
          • SSLStrip watches for https connections and redirects them as well. He even went into great detail why and how it works: http is the thorn in the side of https.
        • Perhaps you need to be introduced to ssh and the concept of an ssh tunnel. It has nothing to do with SSL.

      • The TV show the Real Hustle showed this run as a scam to harvest credit card details. A scammer with a laptop sets up as a fake access point which serves up fake payment screen to anyone who connects to that point. Most of the people connecting to the point assume that the payment screen is legitimate and enter their details. You might not catch the truly paranoid or alert, but there's still plenty of people who would be fooled.
  • by DiamondGeezer ( 872237 ) on Friday February 19, 2010 @06:47PM (#31206086) Homepage
    I don't participate much in the bore-a-thon dick-measuring contest called "Windows v Linux" on /. but for the record, its crap reporting to claim that Windows 7's "SoftAP" is a "rogue" which allows "ghostriding" while Linux's "802.11s mesh networking" is somehow better because it pre-dates Windows 7 when it allows the same problem which needs to be policed.

    I have lots of criticisms of Windows generally and I run XP and Kubuntu, but SoftAP is a network management issue for corporate networks, not a "rogue".
    • by gad_zuki! ( 70830 ) on Friday February 19, 2010 @07:01PM (#31206242)

      Agreed, this is beyond stupid. You could do the same with XP if you like, but now its a little easier. I used to share a cellular card this way years ago. The "policing" and "lockdown" of "rogue" access points is like one click in group policy or a value in a reg key.

      Slashdot has become the fox news of tech.

      • Also, how many corporate machines are running with wireless cards?

        • by kevingolding2001 ( 590321 ) on Friday February 19, 2010 @08:01PM (#31206640)

          Also, how many corporate machines are running with wireless cards?

          More than you might think. At my work they issue everybody with laptops. They all have inbuilt wireless.

        • Re: (Score:3, Insightful)

          Quite a number. Perhaps not your average cubicle-slave but certainly those in 'client-facing roles' and those encouraged to take work home with them (read unpaid overtime). If security is lax, don't underestimate teenage children in re-enabling features on their parent's work laptop. Then there's consultant teams hired on a project basis that bring their own hardware and aren't subject to internal re-imaging of machines.

      • by Krneki ( 1192201 )
        This is why you press the "-" button near the news.
    • Re: (Score:3, Insightful)

      by maxrate ( 886773 )
      I couldn't agree with you more - seems a good few of the /. linux user base has 'something to prove' quite often. It gets old real quick. I just wish it would end.
  • So....what's the problem? Hundreds of features can be used to do evil.


    Damn!...I forgot to cover the USB hole again! Now a hacker can plug a dirty cable in it!

    More seriously, I get it, it's the fact that it is a hidden feature. Still, leave MS alone and stop the fuzz. I may not like them; I may not stand them, but you seem to hate them more^^
  • So you install a wireless IDS like this one [airwave.com] and monitor the airwaves and the wired data path to see if a MAC address shows up in both places...

    and then my company makes all the money [google.com]. whee! :)
    soon to be part of a hosted service offering [airwave.com] as well.

  • by hkz ( 1266066 )

    I'd be more impressed if Windows 7 could create a rouge access point.

  • And certainly other OS's have this feature too.

    But you have to look at the big picture. This feature can be combined with one of the other Microsoft "remote access features" that they have been working so hard to remove from their product.

  • Who's that surfin, Patrick Swayze?!
  • What is this crap (Score:5, Insightful)

    by CSHARP123 ( 904951 ) on Friday February 19, 2010 @06:57PM (#31206198)
    Any OS will have problems if used incorrectly. This biased reporting is BS. It needs to stop.
  • Comment removed based on user account deletion
    • Re: (Score:3, Insightful)

      Yes, it's that simple... and for most people, they don't want to research all that.

      And if Linux wants to be popular with those people, it's going to have to change a bit.

      It's more than knowing how a computer works. The only thing you're talking about right now is software. You're not talking about having to know how a graphics card works in order to use it. You're talking about software configuration. But the problem I have with your simplistic explanation is this: for most people, a generic configurati

      • Re: (Score:1, Troll)

        by module0000 ( 882745 )

        And if Linux wants to be popular with those people, it's going to have to change a bit

        We *don't* want to be popular with "those people", you, or your digital camera that you mention.

        We assure you get relevant results when you type search queries into google.com. We do NOT assure your OS detects your digital cameras evidence of you cosplaying at comicon.

      • Re: (Score:3, Interesting)

        Comment removed based on user account deletion
        • In general, I agree with you. The problem I have is that it seems a lot of Linux users look down their noses at Windows users, as though they are stupid and ignorant and if they REALLY were intelligent they would use Linux... because it's intelligent people that care about their computer that are interested in dealing with the issues in order to run a superior operating system.

          I guess it's the "superiority complex" issue that seems to be what I take issue with. I know people that are quite happy with Wind

    • Rubbish. If you have an installed Linux system, what do you need to learn to do everyday tasks like web surfing or word processing? That you use "firefox" instead of "The blue E" and "OpenOffice" instead of "Office".

    • My time is no longer worth nothing and the last thing I want to do is spend time dicking around with a computer for everyday use. At work it costs money and at home, it's the last thing I want to do when I get home. And every time I attempt to use Linux in a desktop environment, I still have to fuck around with some piece of hardware to get it to work. Hell even when I did research this last time on wireless hardware, all the sites said it would work and the card was a couple years old. So I bought it a

  • Easy Solution (Score:5, Informative)

    by The MAZZTer ( 911996 ) <megazztNO@SPAMgmail.com> on Friday February 19, 2010 @07:09PM (#31206290) Homepage

    This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network, except that a) they can do it from outside the building wirelessly and b) any special software used by the 7 user to access the network could potentially helpfully forward packets from others, but that would probably be a fault of the software not checking the origin IP on packets...

    Anyways the fix is simple. Require authentication for all network resources. Windows enterprise solutions are set up like this by default and do it transparently using Windows login credentials. An intruder on your network would be unable to access anything. There is the LITTLE issue of exploits, so you can either batten down the hatches as much as you can and continually scan for suspicious network traffic, or you can try an alternate solution which may work better (a combination of both would be best):

    For complete security, IT could notify all employees that use of this feature is not permitted. On corporate machines it could be disabled or removed or steps taken to block access, but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every protection known, except complete Windows software compatibility. Someone did mention Linux software that did this though, and my brother's WiFi card supposedly does it too with a special included application.). IT could also compromise and allow users to use it if it is properly configured, with clear steps outlining how to check if this is the case. However either way, severe penalties (starting with being kicked off the network until you have resolved the problem) would be issued for having an open access point. IT would have to periodically stage their own "attacks" to look for such hotspots and attempt to connect, and then lock the user out of the network if they are able to access the user's machine anonymously (ie folder shares with company files) or the network.

    OK so it's a long winded solution but basically: The problem isn't new, lock down systems with authentication best you can, routinely scan for hotspots and penalize users that put them up.

    Disclaimer: I am not a security expert but I like to think I've picked up a few things.

    • Re:Easy Solution (Score:5, Informative)

      by Niobe ( 941496 ) on Friday February 19, 2010 @07:18PM (#31206346)
      You are misunderstanding the problem. The PC running this feature becomes a router bridging their local and probably unauthenticated network with whatever secure network they are already connected to. Add network connection sharing to the mix and you have a security hole regardless of how 'locked down' the original network is. How big a problem this is will depend on the implementation and I haven't seen it.
      • No, you are misunderstanding the problem. None of these features: virtual WiFi, connection sharing and bridging, are turned on by default.

        The GP is exactly right. If someone wants to 'attack' your network this way, it's no different from walking in with a laptop and an extra usb wifi device. Windows 7 makes it slightly less expensive, that's all.

      • Re:Easy Solution (Score:5, Insightful)

        by DavidD_CA ( 750156 ) on Friday February 19, 2010 @11:50PM (#31207894) Homepage

        Group Policy can disable this for all domain users in one click.

        And even if left on, what admin would allow a non-authenticated user access to anything on the network?

        Besides, if I had enough access to a machine to turn this feature on, couldn't I just take control of it via traditional means? Why bother.

      • by weicco ( 645927 )

        But still they have to authenticate against AD to access shares? Well, I guess this depends how things are configurated but I sure as hell can't access our corporate network shares without proper authentication.

      • [sarcasm] windows ( or any other OS) is so insecure! skilled user/admin can use commands like format c: or rm -rf /, let's wipeout them from our hard drives! [/sarcasm]
    • Cisco Wireless (used to be airespace) and other wireless management controllers have had the ability to detect rouge networks for at least 5 years. If they see a rouge, they can attempt to use the nearest AP to connect, and see if the packets can route back to your network. (Showing you if someone plugged a linksys router into your building's wired network, or if the business next door just got wireless)

      The Airespace controller even had a "feature" that was heavily discourgaed that would basically take a

      • Cisco's implementation is the most cumbersome and the most expensive. I don't truly know how useful it is compared to Aruba's, but I know that Aruba's works like a charm every time, and is automatic and fast.
    • Where I come from, deliberately bypassing network security is a one-strike-and-you're-out termination offense.

      • by dave562 ( 969951 )

        Can you stop by and have a conversation with my HR department? The finance department seems to be stripping security out of the network under the guise of "controlling costs", yet I can't get an HR policy to make it a termination worthy offense to bypass the few controls that are left.

    • by dbIII ( 701233 )

      Anyways the fix is simple

      Yes, give cisco sh*tloads of money. It's just like the easy solution with corrosion, coat everything in gold. There are better things to do with budgets.
      I had an idiot bring in his own wireless access point instead of borrowing any of the spare 8 port switches and a 2 metre cable - and that idiot turned on dhcpd and took quite a few people off the network. The only real way to stop that is firewalls all over the place or firewalls built into all the switches. Effectively you tel

      • by grub ( 11606 )

        The only real way to stop that is firewalls all over the place or firewalls built into all the switches.

        Most intelligent switches can block with ACLs. We block all sorts of nefarious things at out place.
    • by mysidia ( 191772 )

      This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network

      Unused ports are left unusable. Assigned to a 'quarantine VLAN' which has only an IDS on it designed to set off alarms if anything sends traffic to it.

      Ports that are in use, have port security enabled with sticky MAC address, and thus an alarm is also set off on violation.

      but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every prot

    • by sam0737 ( 648914 )

      I didn't RTFA, but I guess the problem is user will see an AP with the same SSID that user used to be connecting...and tricked into connecting it but that's actually a rouge one? Even without Win 7, I could do it with a $50 SOHO Wireless Router!...

      The parent is right - If your network is that sensitive, please turn on Group Policy to requires IPSec encryption on both ends, and requires Proxy (say MS ISA) to go to the Internet. Then the rouge AP doesn't really matter.

    • If SoftAP works as well as the Softmodem (Winmodem) I'm using right now; let me expla...{#`%${%&`+'${`%& NO CARRIER
  • I need to play with this feature on my W7 laptop, I wonder how far the reach is on this and how well I could daisy chain this, just out of curiosity more than anything useful.

  • Didn't we already go through this with Ad Hoc networks on the original version of Win XP? The 'Free Public Wifi' SSID is still around today thanks to this poorly conceived 'convenience' and it was a nightmare for anyone trying to manage a secure wireless network. I think time will show this feature not being worth the trouble it causes.
  • What you attempt with 'ghost ride' is better communicated and less retarded with one of the following phrases:

    * piggy-backing
    * covert channel
    * out-of-band

    There's no applicable analogy with 'ghost ride' to communicate what you're trying to describe. Don't try to introduce new lingo. You might as well call it 'Dog sledding' as it has just as much in common with covert channels as 'ghost riding' does.

  • Seriously! That is exactly what I wanted to do a few months ago, but it seems I can't with my WiFi Link 5300. Hostap seems to be for Prism chipsets. Easily creating an AP to share files or to play with neighbors [ex-parrot.com] was one of the bonuses I expected from my switch to Ubuntu. What is going on? Is Windows now becoming the fun OS for geeks and Linux the boring Desktop for the average users?

    • by mrbene ( 1380531 )
      Is the WiFi Link 5300 Intel based? A recent blog entry [blogspot.com] from Connectify indicates that there may be issues with those drivers - at least for Windows. Mind you, if Intel has outstanding issue in the Windows drivers, it's possible that it's a problem in Linux version as well.
      • Lacking more info, I'm going to venture a guess that yes, the 5300 the GP mentions is the Intel Pro Wireless 5300 chipset (802.11abgn, and generally pretty darn good). The Linux drivers for it are open-source, but that doesn't necessarily mean bug-free or that all features are available. It does mean you could try to get it working yourself if you want, though. I have one such chipset myself, and while I've never tried to make it act as an AP, it would be neat to be able to do so.

        On a side note, are there a

      • by rduke15 ( 721841 )

        Yes, it's the Intel WiFi Link 5300 (in a Thinkpad), using the iwlagn driver (in Ubuntu 9.04). Not sure if it's because of the chipset, the driver or their combination, but it doesn't support master mode:

        # iwconfig wlan0 mode master
        Error for wireless request "Set Mode" (8B06) :
                SET failed on device wlan0 ; Invalid argument.

    • MAC802.11 supports creating an AP and since the standard intel wireless driver is MAC802.11 based you should be able to do this easily with the aircrack-ng suite.
    • Windows 7 can do lots of cool stuff I like.

      Kubuntu can do lots of cool stuff I like.

      So, I use both.

  • you can "what if" lots of features. As near as I can tell from the quick searching I did, it's not like it's on by default. I didn't think it would be, but I haven't fooled with Win7 wireless much.

    Domain Administrators can do this. [lmgtfy.com]

    Is there an article on Network World that condemns Linux for having this ability? Well I did find this [networkworld.com] when I searched for Linux and HostAP. Don't see anything in the article mentioned that it too, could be a security risk if used incorrectly. It's not called Beware the
  • Aruba Networks has support for detection and elimination of rogue AP's.

    An important network that does not have wireless intrusion detection and control is definitely not protected well.

    However, a proper Aruba deployment with AP's and a mobility controller can and do identify, mark, and shut down rogue APs and ad-hoc networks, as well as wireless bridges.

    I am not terribly worried.

    -Red

  • If this article is accurate, we'll see the beginnings of real ad-hoc mesh networks starting in 2010. This feature has the potential for allowing massive ad-hoc networks. Awesome. ISP's are going to pee themselves. Awesome.
    • by selven ( 1556643 )

      Nah, they'll start charging by the gigabyte, so if you hook a computer up to internet and 2000 machines end up routing through it downloading Wolverine, you'll have to pay for 1.4 TB of traffic ($1400 at 1 dollar per gigabyte). Hopefully we'll get rid of ISPs entirely sooner or later, also fixing the net neutrality problem, the throttling problem and kicking the RIAA a few extra times but it'll take at least a decade.

  • Is this just the Ad-Hoc network option that can be setup in the network and sharing center, or is it something else?

    I have Win7 Ultimate and I can't find anything that refers to "VirtualAP" or "SoftAP."

Your password is pitifully obvious.

Working...