Wi-Fi hacking, with a handheld PDA
Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.
Running a customized installation of Debian/Linux running kernel 2.6.16, Silica comes with a touch-screen interface featuring three prominent buttons -- "Scan," "Stop," "Update Silica."
| Photo Gallery: This image gallery provides a glimpse at the form factor and point and click interface of the wireless hacking device. | ||
Support for Bluetooth wireless connections and Ethernet via USB is planned for the near future.
Aitel said GPS technology will also be fitted into future versions to pinpoint precise geographic locations of access points.
The idea is to give pen testers a tool to launch exploits wirelessly in the most covert fashion. At startup, Silica offers the user the option to scan for available open Wi-Fi networks. Once a network is found, the device connects (much like a laptop at Starbucks) and asks the user if it should simply scan for vulnerable/open ports or launch actual exploits from CANVAS.
Whenever CANVAS is updated with new exploits -- typically once a month -- Silica automatically gets an update to ensure all the newest attack code is available for mobile pen testing. (Penetration testing is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers. Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system).
Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. "We wanted to make it touch screen, so you can actually use a stylus, launch a scan in attack mode, then stick it in your pocket while you run your exploits," Aitel explained. "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."
During a brief demo, Aitel used a stylus to manually click through the options to show how frighteningly easy an exploit can be sent to a vulnerable computer connected to a Wi-Fi network.
She said Immunity is taking orders for the $3,600 device, mostly from law enforcement agencies looking to do covert hacking on sensitive networks.
Aitel said Immunity is careful to do due diligence when selling its products, which can fall into the wrong hands and end up being used for illegal purposes. "We don't sell to anonymous users. We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to," she explained.
However, she admits that there's no foolproof way to keep exploit tools away from the bad guys. "It could be some guy working at Cisco, ordering Silica to give to his criminal friend. You'll never be able to stop that."
Some examples of places Silica can be used:
* Tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space.
* Tell Silica to actively penetrate any machines it can target (with any of Immunity CANVAS's exploits) and have all successfully penetrated machines connect via HTTP/DNS to an external listening port.
* Mail Silica to a target's CEO, then let it turn on and hack anything it can as it sits on the desk.
* Have the device conduct MITM (man-in-the-middle) attacks against computers connected to a wireless network.
Check out an image gallery of Silica in action during a demo at RSA.