Wi-Fi Penetration Tester In Your Pocket

00*789*00 writes "ZDNet has a story about the public launch of Immunity's Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform."

Ummm, yeah.

[Vengeance]

I hope y'all don't mind if I won't keep a penetration tester in my back pocket, mmm'kay?

ob. mae west reference

[hey!]

is that a penetration tester in your pocket or are you happy to see me?

Re:ob. mae west reference

[The Zon]

a portable hacking device that can scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

That's what she said!

Re:

[evilviper]

That's what she said!

And then they built the super collider.

Re:ob. mae west reference

[romland]

It could have been funny if the editor had not already made the joke in the 'dept' line.

But, to answer your question. Am I happy to see you? I don't know, are those a pair of boobs on your chest?

Re:

[jez9999]

Yeah, but he's working out really hard to get rid of them.

Re:

[Anonymous Coward]

"I've got something in my front pocket for youuuuu..."

Re:

[strider2k]

Whenever I think of the word penetration, I think of some organ and yeah....

Re:

[VirusEqualsVeryYes]

But does it run Linux?

No, wait ... that's not right ...

Re:

[PopeRatzo]

Since you mentioned Vista, it brings to mind a neighbor of mine who is always leaving his wireless router unsecured. I brought it up to him recently and he told me that he doesn't have to worry about that because he's got a Mac.

Wow.

Re:

[mrchaotica]

Just secure it for him yourself. When he suddenly can't access it because you've enabled WPA, he'll understand the importance of security.

(And if he gets upset with you, tell him "just be glad I didn't download a bunch of kiddy pr0n and try to hack the NSA with it!")

Re:

[PopeRatzo]

Just secure it for him yourself.

I intend to do that just as soon as I finish downloading a bunch of kiddie pr0n and hacking the NSA.

[note to Carnivore technician: the above was a joke. I'm not really downloading kiddie pr0n.]

Re:

[irc.goatse.cx troll]

Maybe thats what he's doing and he likes having an open AP as part of his legal defense?

Maybe he just likes sharing his connection because he's paying for it 100% of the time but using it a very small percent of the time, and the chance that someone might be able to get some use out of it is something he likes?
You ever travel and not want to pay an insane amount for hotel internet? Or your internet connection dies/doesn't get payed for but you badly need to finish a download/check your email/etc? Wouldn't y

Re:

[Pinback]

My buddy secured his neighbor's WAP on accident. He thought he was configuring his own.

The neighbor was confused when told that his router now had a WEP key in place.

Re:

[speculatrix]

... which is a nice advert for Nokia; I would hope that Silica doesn't use any GPLd libraries otherwise they'll have to release source, which would be nice, as kismet or aircrack-ng are nowhere near as automated as this baby!

Honeypot Reverse Attack

[CaffeineAddict2001]

\\sharedstuff\My Super Secret Incriminating Documents Conveniently Zipped For You.exe

Re:

[VirusEqualsVeryYes]

The portable hacking device runs Linux.

Re:Honeypot Reverse Attack

[CaffeineAddict2001]

Oh, forgive me: /usr/home/hax0r/My Super Secret Incriminating Documents Conveniently Zipped For You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

Re:

[io333]

OMG that is the funniest thing I've read in years!

Re:

[Anonymous Coward]

"Oh, forgive me: /usr/home/hax0r/ ..."

Joking aside, a user account's /home directory in the system /usr directory? Must be a Windows person who loves spaces in file names.
 

Re:

[eosp]

Yeah, some of us use BSD. And by the way, /home is symlinked to it so both work.

Re:Honeypot Reverse Attack

[Hamoohead]

/usr/home/hax0r/My\ Super\ Secret\ Incriminating\ Documents\ Conveniently\ Zipped\ For\ You.MP5-R12.1.0.2.3.1.1-ALPHA.tar.gz

There. Fixed it for you.

Re:Honeypot Reverse Attack

[benhocking]

\home\me\optimize_linux_no_this_is_not_rm_rf

Re:

[drinkypoo]

Well, I don't know about you, but I keep my honeypot penetration tester in my pocket.

Yes I know I'm a bit late on this joke, but I don't think anyone else managed to work the honeypot in there. (Or vice versa, h0 h0 h0.)

The cost is too high, get a Zaurus

[Anonymous Coward]

For $3,600, I think it's way over priced. Use a laptop, or home brew a similar device with a mcuh cheaper Zaurus:

http://www.irongeek.com/i.php?submenu=zaurus/zauru sheader&page=zaurus/zaurusmain [irongeek.com]

Skip the Zaurus...

[Svartalf]

It's a $3600 Nokia WebPad with custom software on it.

Considering the new WebPads and all being available and supported (unlike the Zaurus...), I think I'll go with that instead...

Re:Skip the Zaurus...

[Tony Hoyle]

$3600 for something to detect wireless networks?

For half that money you could get a fully fledged laptop with builtin wireless and run any tools you liked.

From the summary I was expecting a $50 pocket device.

Re:

[Fuyu]

This device does more than just detect wireless networks. According to the article, it can also "scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space." With 128MB flash memory, a 64MB RS-MMC (Reduced Size - MultiMediaCard), and an option for extended virtual memory (RS-MMC up to 1GB), that's a sizable amount of storage for a walk through.

Re:

[Fuyu]

According to Nokia's website http://www.nokiausa.com/N800/1,9008,feat:1,00.html [nokiausa.com], it runs Internet Tablet OS 2007 edition, a modified version of Debian/GNU Linux. From http://www.starryhope.com/tech/apple/2007/10-ways- the-nokia-n800-is-better-than-apples-iphone/ [starryhope.com] "Nokia created the open source Maemo development platform for the 770 and N800. They've worked hard to encourage developers to port applications to this platform. You can find more info at http://maemo.org/ [maemo.org]."

Re:

[dr_dank]

What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

Re:

[Danse]

What I like about the Zaurus is the very fact that its so portable. I can turn on Kismet and keep it in my jacket pocket while out and about, logging APs all the way. You really can't do that with a laptop if you want to go around on foot.

I guess you could if you have one of those jackets with the big pocket on the back. Perfect for sliding a laptop into. Probably only doable in cold weather though, as the laptop will definitely keep you warm...

Re:

[Scud]

Considering the new WebPads and all being available and supported (unlike the Zaurus...), I think I'll go with that instead...

Huh?

While it's true that Sharp has neglected the Zaurus software-wise for ages now, it has been actively supported by a number of groups that have gone from tweaking the existing Sharp ROM to creating a full-blown replacement for the Sharp ROM.

So it is hardly unsupported, I would say that it is every bit as well supported as my PC is running SuSE.

And, no intended slight

Re:

[Dekortage]

Well, let's add it up...

1. A laptop does not fit covertly into your pocket.
2. A "home brew" device... let's see, the link you sent suggests ~$200 in hardware. Then it says "Apps I hope to get around to testing" and lists a few possible hacking tools (in other words, he hasn't done it yet). Add up the time it would take a skilled geek to develop and maintain the complete hacking software suite, make it as simple to use and automated, and patch it monthly with the latest exploits... suddenly $3600 sounds not

Re:

[COMON$]

ya, a 500 dollar laptop, metasploit, and a decent wireless card and you will have more than you bargained for.

Re:

[BobPaul]

For $3,600, I think it's way over priced. Use a laptop, or home brew a similar device with a mcuh cheaper Zaurus:

The Nokia 770 is $350. The N800 is $400. I run Kismet and Aircrack on my N800. Not sure what's special about the extra $3200 in software they've added. Someone should show their customers the price of the bare handheld!

The Zaurus would be nice if it was still in production. For use newbs, the Nokia series is attractive ;)

Re:

[account_deleted]

Comment removed based on user account deletion

They're careful who they will sell it to...

[gavink42]

Wow... A hacking device actually being sold by a real company. The article says "We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to."

Even so, it probably won't be long before this device is being used by hackers as well as law enforcement. Actually, after thinking about it a bit, I'm not sure which use bothers me more.

Re:

[Svartalf]

Heh... The hackers are already DOING this stuff- on similar devices, even.

You're going to find that the black/grey hats will be buying a Nokia 770 or it's next generation,
buying one of the alterable PocketPC's, or a cheap laptop and running Metasploit or SPIKE/MOSDEF
on them- all of which are legit tools and available as LGPL or similar licensed code. And, in the
case of SPIKE/MOSDEF, you're using the underlying engine for CANVAS anyhow...

All this does is provide commercial support and exploit updates for a

What I like to do...

[Ford Prefect]

... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

The real network is hidden, strongly encrypted and using 802.11n. Beat that, hackers!

Re:What I like to do...

[drooling-dog]

You wouldn't happen to be the guy next door to me, would you?

Re:

[BrokenHalo]

... is leave dozens of wireless routers lying around, switched on, broadcasting trivially encrypted 'networks' to the surroundings - except not have anything connected to them. No internet, no servers, no ethernet cable, nothing.

Damn, I just got rid of a couple of wireless access points, and I never thought of that. It might have been kind of fun to browse through the syslogs on those to see who is banging their heads against a brick wall...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[irc.goatse.cx troll]

You don't need dozens of wireless routers eating power and taking space, all you need is a single wireless card being a jackass and advertising SSIDs for networks that don't exist. I don't remember the name, but the software is out there already.

Note that you're going to hurt your(and everyone near by)'s signal to noise ratio, and you're going to confuse real clients just as much as you will evil hax0rs-- Try sorting through a few dozen networks on a wifi enabled cellphone for example, probably not fun.

Re:

[Zarhan]

Plus, considering how breakable 64bit and 128bit WEP were, and WPA original is, well, I just can't trust anymore wireless encryption. Go hardcore or go home!

Exactly how breakable "WPA original" is? If you mean with "WPA" 802.11i draft 4 (as commonly meant), it supports both TKIP and AES encryptions (as does "WPA2", the final version of 802.11i). And neither is particularly weak - of course TKIP has not been scrutinized so much as AES.

Even WEP is not so vulnerable these days, since most equipment avoids the

Is that something in your pocket....

[TheSuperlative]

Or are you just happy to prove my network?

I believe...

[russotto]

...it was Dr. Fronk who said, "Well, I guess it pretty much can only be used for evil".

Re:

[djasbestos]

Shadowrun comes to mind...

Re:

[Frigga's Ring]

True that. Makes me believe that the gear they present for 2070 is too low-tech considering how fast everything is moving.

Re:

[djasbestos]

Well, the 2070 version will have a neurojack on it...although yeah, at the rate things are going, we might see something like that even sooner too.

White House

[faqmaster]

Great! I can't wait to take this with me on the White House tour. Should prove interesting.

my nokia can do similar stunts.

[MrJerryNormandinSir]

hmmm. $3,600. Damn. The very first thing I did was put toghether a suite of open source wifi hacking tools.
All they did was put together an easy to use gui so anyone without any computer knolwledge at all can use it.
hmm.. that's against the hackers code!

Re:

[gingerTabs]

Kismet + aircrack +??? = $3600

Nice :)

Recipe for bad humour

[multisync]

Post an article on slashdot with the words "penetrate" and "open ports" in the summary.

Actually...

[StressGuy]

It's the same bad joke over and over again until somebody post one of the following....

"In Soviet Russia - Open Ports Penetrate You!"

or..."my back door is impenetrable YOU INSENSITIVE CLOD!!!"

or...perhaps a reference to a Beowulf cluster-f%@k

or...something ending in .... PROFIT!

then we all get sick of it.

Gotta wonder...

[catdevnull]

Gotta wonder about a picture of a chick with "penetration testing" as a caption.

God, I love IT.

Automated intrusion software

[sshore]

Over the last year or so, I've considered writing an automated wireless network intrusion tool. It would:

• capture encrypted packets and attempt to crack wep/wpa keys
• join wireless networks, enumerate targets
• retrieve files of interest from shares or recover them from packet dumps
• launch code attacks, like this tool does

You'd run it on a laptop that you'd carry in your backpack or in your car, on your way to/from work or just cruising around on a Sunday afternoon.

As such, it would be called the Transient Wireless Intrusion Tool, or TWIT. I just get a charge out of network security people writing about twits wandering around near the network.

Re:Automated intrusion software

[mrzaph0d]

Even worse would be Transient Wireless Attack Tool...

TWAT

[sshore]

Even worse would be Transient Wireless Attack Tool...

That was my original working title, actually :)

Re:

[jftitan]

Has a nice ring to it.

"We can't have a bunch of twats runing around the office trying to capture senseless packets of the spring break pictures of your mother."

"is it me, or do we have a bunch of twats running around the office?"

"twat was his name?"

OSS version

[gingerTabs]

This is based on the Nokia 770, so it's Linux (debian) based. What apps would we need to put together an put a frontend onto to make this a reality for either the 770 or the newer N800?

Modified Nokia 770

[Werrismys]

That "PDA" is a Nokia 770. Is it modified hardware-wise, I have no idea, but the device portrayed in the article is Nokia 770 that sells for under $400 (and is now surpassed by N800).

Legality?

[Zeek40]

I would think that the Digital Make everyone a Criminal Act would prevent a company from marketing a device like this...

Now just combine that with OLPC

[kabocox]

I'd like to see someone program that for the OLPC laptop. I could easily envision a slashdotter transforming a simple educational device into a hightech potentially offensive military IT resource and giving it to 3rd world kids.

Automated intrusion

[Drahgkar]

So...basically this would be akin to running Back|Track, but with a few improvements, like the automation or am I missing something? If this is the case, why wouldn't someone install back|track on one of these things and just add the automation? Then you could forgo most of that hefty price since all you would have to buy is the tablet.

Re:

[soleblaze]

Because backtrack doesn't run on an arm processor. This is basically a custom distro for the nokia 770. You're mostly paying for them setting up the tools correctly and the GUI interfaces. They might have also created patches for some of these tools for them to run on the Nokia 770 properly. One thing to note, is that since it is Linux if they did patch these programs you can get the source code from them when you buy one and then distribute it (and return the device if you can..heh) Of course I'm sure

Dupe or Followup?

[HTH NE1]

I remember something about this before [slashdot.org]. Yup, it was about Silica then too.

I posted a theory about sending one to yourself through the mail activated and with a GPS so that the postal delivery vehicle does your wardriving for you. I called it warsmailing [slashdot.org]. So far no results on Google of anyone attempting it using that term.

(Why do I keep being prompted to save a download of comments.pl when I Submit?)

Re:

[uuilly]

We used the same idea during the cold war. We shipped sensitive Geiger counters all over the Russia via rail so they could sniff nukes and nuke facilities. Cool idea. I think we got caught though.

How did they know???

[master_p]

I already have a wife penetration tester in my pocket, thank you very much.

Re:

[Quiet_Desperation]

Now all you need is a wife. :)

Hey! I tease! Put that thing down!

one use..

[WheresMyDingo]

can i slip one into my wifie's pocket to make sure she's been faithful?

This doesn't change anything.

[pseudosero]

You should still keep your wifi open... a criminal needs to be in geographic proximity. wow. This is so much worse than someone on the other side of the country being able to break into your machine. Honestly, if we all keep our wifis open it'll be better in the long run. I don't know why it just will be i swear.

Penetration Tester in your Pocket 7333482

[Anonymous Coward]

For a moment there, I thought I was going to have to implement spam filtering on my RSS feed from Slashdot.

but...

[Connie_Lingus]

...does it have x-ray vision? The glasses I bought 30 years ago are looking pretty rough these days...

Excuse me Sir.

[HerbieStone]

Is this a pentration tester in your pocket?

Or are you just happy to see me?

egh

[Anonymous Coward]

yup, its a nokia 770, with software that costs about $2600. BARGAIN.

the only thing the nokia 770 isnt really capable of already is packet injection, so does that mean they're charging that much money for a product sticker, an injection-capable wifi driver, and some easy front ends to already existing (and compiled for debian / arm / maemo) wifi software?

ill compile a driver for a capable usb wifi card or wait for a monitor mode / packet injection patch for the 770's wifi chipset to become freely available,

Why?

[tehfonz]

People spend $3600 on this How do u gain your money back? or are these people in it just to be "hackers" 1. Buy wireless exploiter 2. ???? 3. Profit!!!!

Re:

[soleblaze]

If you read the article, they're mainly targeting big businesses and law enforcement. They're being sold as a way for non technical people to preform pentests (I.e. buy this $3600 device and you won't have to buy the $40,000 pentest from company x)

Is that a Penetration Tester In Your Pocket

[monopole]

Or are you just happy to see me?

Anyone familiar with pentest tools on the n800?

[soleblaze]

So far I've found kismet (which mostly works, but will crash the n800 if you leave it alone long enough for your screen to blank) (kismet can be found at http://eko.one.pl/maemo [eko.one.pl]) And aircrack and nmap (http://www.mulliner.org/nokia770/). I know that there's a port of metasploit somewhere, but I haven't been able to find it. Also programs that use bluetooth and are designed for the 770 but not the n800 crash the n800 due to bt driver incompatabilities (the n800 uses a newer bluez stack) Does anyone know

Penetration tester in pocket

[192939495969798999]

That is either the greatest or worst pickup line in the history of the world: "Hey baby, I got a penetration tester in my pocket..."

The story is: Linux is great

[daveaitel]

The take on this story SHOULD be that it's possible to have a small company choose embedded Linux to deploy innovative and interesting applications on. We could have chosen Windows Mobile, of course, but Linux was technically the better choice. That's the important part here. Open Source tools get you to market faster and cheaper.

Re:

[Lord_Byron]

But, Dave, your company is charging an awful lot of money for a tool that isn't all that innovative (I've been using a 770 as part of my wireless pentest suite for a while now) and has limited legitimate uses, all IMHO, of course.

I'll take all of that back if you can explain why LEOs need a *stealthy* wireless pentest capability and explain a few compelling scenarios where this is better than the vastly cheaper combination of a 770 running Kismet and a conventional laptop running conventional tools.

Untill y

Nokia 770 + Kismet

[ivlad]

I think, the $3600 device is nothing more, but a Nokia 770 (that is clear from the photos) runnig GUI for Kismet or some sort of other Wifi scanner.

Good margin! ;)

What, no mention of Backtrack?

[jerkychew]

I'm disappointed nobody has mentioned BackTrack [remote-exploit.org] yet. Live, bootable Linux CD loaded with wireless scanning and hacking tools. To be honest, I haven't tried it yet, but Free sure is cheaper than $3600!

Re:

[Drahgkar]

I did mention BackTrack earlier, but it was in reference to installing it on the tablet rather than running the live cd. However, I was informed that unless you re-compile and possibly rewrite some of the source, it won't run on an ARM processor. Mostly, as I understand it, because BackTrack is based on Slax which is based on Slackware which is not compiled to run on ARM processors.

Wi-Fi Penetration Tester

[zuhaifi]

Based on the Open Source Linux operating system and the pure Python Immunity CANVAS attack framework, if one of SILICA's built in attack profiles does not fit your needs, you can easily craft one that does.

Stupid!

[johnsmit90210]

This is a nokia 770! All smirky comments aside.. (Why even bother with those when you should know what this is) So if this so called 'pen tester in a pocket' is 2500+ dollars, then what in the hell do you call a PocketPC or PDA running MiniStumbler written by Marius Milner? Besides a 2300+ dollars less costing pen tester that is. Stupidest thing I've seen all day! (I just woke up)

Gimmick.

[hrtserpent6]

Where do I start with this thing?

The number of applications this device provides that are both legitimate and useful are near zero.

If you are legitimately authorized to do scans, why not do it with proper equipment? I used to warwalk all the time with an open laptop in plain view, and if anyone stopped me, I had a letter from the CIO in my hand.

If you want to truly test security are you gonna hand an idiot-proof device to some intern and tell them to push the pretty red button and run around with it?

It expensive because...

[radu.stanca]

...of the exploit framework it provides, Immunity CANVAS. You`re not paying for the hardware device but for the exploits, this should be a must for every pen-tester, Aitel is one hell of an exploit writter.

not pocket size but damn powerful! - Janus miniitx

[speculatrix]

janus mini-itx [mini-itx.com] I quote:
The "Janus Project" is the brainchild of Kyle Williams of the Janus Wireless Security Research Group in Portland, Oregon.

Mounted inside an epoxy and silicone-sealed watertight case lives a 1.5GHz C7 powered EPIA EN 15000G motherboard, 2 x four-port PCI to mini-PCI adapters, 8 x 802.11a/b/g mini-PCI WLAN Modules, 2 x 1W 2.4Ghz WLAN amplifiers, a keyboard and a 17in LCD screen. The system can scan up to 300 wireless networks simultaneously, storing and AES encrypting in real time a

slashmarketing

[Augmento]

another case of pure hype served up by some clever slashmarketing techniques. the truly scary part is some moron in the ranks above is going to read this and decide that we will need to be frisked when entering and exiting our work area. bad enough that no portable electronic devices are permitted. all the usb ports on all our machines have tamper evident seals on them (read scotch tape).

hmm, i think i am going to to to this conference with a notebook from the 80s and tell everyone it is my new secure noteb

$3600 device?

[BillX]

Bah. My Wifi hackybit [cexx.org] (Nintendo DS lite) with all its own associated hackybits runs for less than $200 off the shelf, runs a variant of uClinux, and can run for a week on a battery charge (assuming most of that time is in Sleep mode waiting for the target network to come in range).

I'm actually somewhat surprised I haven't seen any stories along these lines yet. Load up a DS with wepcrack and some malware, power it on, flip it closed and mail to target. While it sits all morning in shipping/receiving, it's f

Oh c'mon you guys...

[mikiN]

get into some real hacking.

Get something like this [engadget.com] (hint: there's a much cheaper one with backlight that costs only about 50 bux), read this [maushammer.com], lean to program the MCU, add some Flash memory, learn to hack the BPU and get goin' already.

No wonder the military too are going COTS, they can't hack up anything themselves anymore unless millions of dollars are dumped into the project.

Heck, even the famous voting machine scanner from the Netherlands was in fact a hacked TomTom navigator (you can prolly find them by

Re:

[CreatureComfort]

It's both!

A 'penetration tester' that can scan other connections for open ports, and automatically launch code execution exploits. It has self replicating code, but the doctor says there is no viral payload.