Wi-Fi hacking, with a handheld PDA

Summary: The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.

SAN FRANCISCO -- The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.

[Photo: Justine Aitel gives Silica a test run at RSA Conference 2007]

Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

Built on a customized installation of Debian/Linux with kernel 2.6.16, Silica comes with a touch-screen interface featuring three prominent buttons -- "Scan," "Stop," "Update Silica."


 

Support for Bluetooth wireless connections and Ethernet via USB is planned for the near future.

Aitel said GPS technology will also be fitted into future versions to pinpoint precise geographic locations of access points.

The idea is to give pen testers a tool to launch exploits wirelessly in the most covert fashion. At startup, Silica offers the user the option to scan for available open Wi-Fi networks. Once a network is found, the device connects (much like a laptop at Starbucks) and asks the user if it should simply scan for vulnerable/open ports or launch actual exploits from CANVAS.

Whenever CANVAS is updated with new exploits -- typically once a month -- Silica automatically gets an update to ensure all the newest attack code is available for mobile pen testing. (Penetration testing is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers. Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system.)

[Photo: Up close look at the handheld hacking device]

Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. "We wanted to make it touch screen, so you can actually use a stylus, launch a scan in attack mode, then stick it in your pocket while you run your exploits," Aitel explained. "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

During a brief demo, Aitel used a stylus to manually click through the options to show how frighteningly easily an exploit can be sent to a vulnerable computer connected to a Wi-Fi network.

She said Immunity is taking orders for the $3,600 device, mostly from law enforcement agencies looking to do covert hacking on sensitive networks.

Aitel said Immunity is careful to do due diligence when selling its products, which can fall into the wrong hands and end up being used for illegal purposes. "We don't sell to anonymous users. We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to," she explained.

However, she admits that there's no foolproof way to keep exploit tools away from the bad guys. "It could be some guy working at Cisco, ordering Silica to give to his criminal friend. You'll never be able to stop that."

Some examples of places Silica can be used:

* Tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space.

* Tell Silica to actively penetrate any machines it can target (with any of Immunity CANVAS's exploits) and have all successfully penetrated machines connect via HTTP/DNS to an external listening port.

* Mail Silica to a target's CEO, then let it turn on and hack anything it can as it sits on the desk.

* Have the device conduct MITM (man-in-the-middle) attacks against computers connected to a wireless network.


Talkback

26 comments
  • all that

    and it's still easy to use. take THAT MS apologists ;)
    Scott W
    • Be afraid...

      Scott W said:

      "all that
      and it's still easy to use. take THAT MS apologists"

      Ahem. It's a single-app Linux device that is already set up and ready to use.

      And take a gander at one of the first pictures offered for your perusal. Silica is scanning a...Macintosh network.

      Having no experience with how the AirPort series of wireless routers are set up, I have to ask: How easy is it to secure an AirPort? Is it secure by default, or is it as full of holes as a wheel of Switzerland's finest?

      Enquiring minds want to know.
      M.R. Kennedy
  • ByPass Security ?

    Does this device bypass WEP security or any other security settings in a WI-FI network? or does this device just scan unsecure WI-FI networks?

    People running an unsecure WI-FI network, whether home or business, should take notice if this device only attacks unsecure networks.

    It's hard to berate home users who may be uneducated or simply lack the knowledge to secure their WI-FI networks, but anyone running a corporate or business WI-FI who had half a brain to install the wireless network, should get their head examined for running unsecure WI-FI.
    rkostynu@...
    • Probably not...

      I don't think this device is able to bypass WEP security (yet). I would think that would require much more sophistication and a great deal more time. For now, however, it appears this device simply penetrates via unsecure WI-FI networks....and they're all over the place!

      Think about all the restaurants, coffee shops, and bars that are promoting "Use our FREE WI-FI here!" Customers can have their latte and hack a computer too! WOO-HOO! I mean...go figure. It's difficult to set up a "free" server in the places and have people get designated user IDs and passwords. But then, that's what makes it appealing -- owner beware! At $3,600 a pop, it's doubtful these items will be cropping up around town at an exorbitant rate, so no worries...yet. It's just a matter of time before the price lowers, the competition gets out there, and virtually anyone will own one of these products. Time will tell.
      sdgreen42
      • WEP security is not difficult to penetrate...

        ...and I must believe that they would include the tools to do that. Not quite at the 'script kiddie' level yet, but you can crack a WEP-secured network in as little as 3 minutes. WPA would be a different story, IMO.
        heres_johnny
        • You got that right!

          WEP is as protective as a wet paper towel! You can get tutorial videos that show how to do it on the web.


          The Feds can own your wlan too
          http://www.smallnetbuilder.com/content/view/24251/100/
          BobF_z
          • WPA Also

            WPA too. WPA is also pretty easy to break into. That is why they now have WPA2.
            T2mg2003
          • non internet usher

            Thanks
            Molatedi Starquest Alecks Kgoboki
      • Don't be ridiculous...

        These same exploit scripts and port scanners are already available on the net, and the guy next to you could already be using them against you via his laptop, rather than this handheld device. The increased portability of a device dedicated to such attacks is the only real news here. So..no, no one will pay $3600 when they can download hacks to use against you for free.

        The value truly is for law enforcement agencies and security departments at corps...because this offers them a way to scan their security without having to keep up to date on new exploits - Immunity auto-updates the devices with the latest exploits and they are ready to go at the time of the next pen test.

        For you, me, and Joe at the coffee shop, this is no new threat.
        Techboy_z
        • Don't be stupid

          "For you, me, and Joe at the coffee shop, this is no new threat."

          It certainly is. There's a big difference between the population that is competent to download and configure their Linux laptop with all the tools that are available on the net, and the population that is competent to select one of three buttons to push!

          Plus the PDA form factor is more convenient packaging than a simple laptop. Yeah the ubergeek power users could pack the whole thing into a cell phone, but that shrinks the population even more. This makes it available to anyone with $3600 and a clean background (or an accomplice with a clean background).

          For you it may be no change, but for me it changes the threat very significantly.
          bruce_mcculley@...
          • Yeah, our free ride is finally over...

            All of us alternate OS users, who had the comfort of the equivalent to running naked by not needing antivirus and spyware/adware removal software are screwed if this gets into the wrong hands.

            I'm not normally one to be too paranoid, but I think I'll be watching the system monitors on my machines, just to make sure.
            AnonymousBugMeNotUser
        • Same exploits?

          SILICA includes Immunity CANVAS's exploits. These sometimes include things that are not in other frameworks or available in public sources such as Metasploit.

          On the other hand, it won't necessarily include every exploit on the net - we had to pick and choose which ones we thought were important to write and do QA on.

          I agree, however. Portability and usability are the real wins. But it's not a minimal effort to write the code that goes behind the three big buttons. :>
          dave.aitel@...
  • Silica's WiFi hacking... coming to a black hat's hands near you.

    It won't be long before Silica get into some unscrupulous hands, either by theft or loss, and then the tool will quickly become a weapon.

    Imagine the damage a hacker... or Big Brother... can do with one "specially modified" Silica unit in his hands.
    Mr. Roboto
    • your imagination is running away with you.....

      nothing we weren't already able to do.

      Duh.
      cerephic
  • Looks like the hacker tool Z4CK has come to fruition

    Back in 2004 I wrote a novel about a fictional hacker utility which was the magic bullet of network penetration. The novel was called Z4CK and the unstoppable hacker tool with built in A.I. ran on a Zaurus SL-5500. Looks like this is all coming to fruition!

    The novels Z4CK and Digital Force (the follow up) are free downloads from http://www.z4ck.org
    z4ck
  • Message has been deleted.

    sweklaweklfwe@...
    • Fascists - stop deleting messages

      Censorship is for losers.
      AnonymousBugMeNotUser
  • This has already been done. *yawn*

    I use my Tungsten E2 to do this on metro transit buses all the time... and yes, you can bypass WEP. It's easy.

    I get free internet anywhere, not to mention free movies and whatnot that I can intercept from my unlikely location on any sidewalk or street.

    Learn to use your machines, people, before they learn to use you!
    AnonymousBugMeNotUser
    • Oh yeah....

      I'm believing that. *rolling eyes*

      Thanks for coming down off the Mount and enlightening us.
      ejhonda
      • Well,

        that's how I get to this site. Why do you think I use an anonymous login?

        Look up WEP cracking on palm... it's not difficult at all. You install some software, and learn how to use it. I don't see the story of the new device as "news" because it's already been done.
        AnonymousBugMeNotUser