Silica -- a wireless hacking tool

4 of 10 NEXT PREV

Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding -- and exploiting -- security vulnerabilities.

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. [See Ryan Naraine's report.] Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Silica now runs on the Nokia 770 but Immunity plans to expand the range of supported devices.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Silica runs a customized installation of Debian/Linux running kernel 2.6.16 with preemptive scheduling.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Currently Silica supports 802.11 (Wi-Fi). The product roadmap calls for support for Bluetooth wireless connections and Ethernet via USB.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Once a network connection is established with a wireless access point, the user can use the touch-screen interface to launch Silica.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Silica scans for available Wi-Fi networks, then connects and starts scanning for vulnerable targets.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
Available networks can be scanned in two modes -- Attack mode or the "prompt before scan" mode. Both can be enabled at the same time.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
The user can manually confirm the use of "attack node," which fires exploits at vulnerable targets on the wireless network.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
The application comes with a three-button user interface: Scan, Stop and Update.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine
A progress bar should display what is happening on the device. Optionally, the user may check the two bottom status boxes to find out more details about the scan.

See also: Ryan Naraine's report from RSA 2007, Wi-Fi hacking, with a handheld PDA.

Published: February 7, 2007 -- 13:54 GMT (05:54 PST)
Caption by: Ryan Naraine

Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding -- and exploiting -- security vulnerabilities.

Join Discussion

Add Your Comment

Silica -- a wireless hacking tool

Related Topics:

Join Discussion

Related Galleries