Silica -- a wireless hacking tool

Justine Aitel

Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding -- and exploiting -- security vulnerabilities.

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the scariest device on display at this year's RSA security conference. [See Ryan Naraine's report.] Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

14 comments
Subject Matter Expert

It's the time to show the talent of yours to the world. But it's been done already.

thefred

It is an organic prison building corporation out of Utah, taking advantage of the terrorist laws to sell space in the crowded prison systems of America. By making high tech crime easy enough for kids to do it, they should have a smart breed of criminals that won't be as bothersome as the "tattoos gang." Gotta love the new sense of humor in Marketing Circles since Halliburton and Arthur Andersen have led the way!

garytindall

New tech frequently offers equal opportunity for 'good' and 'bad'. Well, stuff like this should be back-room with credentials only. gt

computerd

Sony's PSP does the same thing, you can download several programs for it all over the net.

tatmsu

If you like, submit a reply to me.

grahamalderson

Looks to me like a quickly knocked up Java app in Eclipse... hack this point yes/no... c'mon, really.

TR_Reader

At $3600 a pop I'd find it easier to use a WiFi laptop with cheaper software... but then again, they're looking at portability... and I agree... this needs to be a limited for sale item.

ocpa

I guarantee if a company has this device for the market, a hacker had/made the device first.

ocpa

I guarantee if a company has this device for a market, a hacker had/made the device first.

If the AP is correctly secured, if the system requires a username and password, and if the network requires authentication, it is just an expensive toy. However, for all the default networks out there, be afraid, be very afraid.

roger

That's the point though, 'a' hacker will possibly have made one. Now anyone with the money and intent will have one.

jhilgeman2

Don't be too quick to assume you're secured just because you have user/pass authentication and a "secure" AP. Bad assumptions are the start of all security breaches.

PATCHES: Even if an AP is "correctly secured" (assuming you're talking about wireless authentication and methods), there are a lot of companies that don't keep up with the latest firmware and security patches. The holes fixed by those upgrades can be truly huge and dangerous.

NOT JUST ABOUT WIRELESS: Don't forget that there are usually several entry points into the network via the company's Internet connection. There are plenty of somewhat-configured firewalls that leave gaping holes because people or other companies need to access certain data and so the network admin just forwards ports in the firewall, allowing anyone access to the SQL Server (which is a common way to get yourself infected with a rootkit via the exec privileges of a hacked sa account), or other administration ports on other software.

WEB SERVERS: Web servers get patched all the time. I prefer to run Apache whenever possible, but when you connect to its port, you can see what version of the server it's running. Then it's just a matter of going to the changelog to see if you can take advantage of any of the bugs that were patched. There are some servers still running OLD versions of Apache 1.3, or OLD, unpatched IIS.

BIGGER MORE SECURE: Some might say that a bigger company would be the type to have a security audit, but not only is that not always true, but bigger companies can often have even bigger chinks in their armor by virtue of implementing multiple locations, WANs, etc... There can be some big companies with surprisingly huge security holes in them.

POINT-N-CLICK HACKING: Someone else said that point-n-click hacking was a sham. Something built in Eclipse for show-n-tell, but again, don't be too quick to judge. Just because it's point-n-click doesn't mean a damn thing about how powerful it is (i.e. think about the ease of some rootkits that take advantage of common vulnerabilities - point-n-click access into an insecure system!). I build apps in VB all the time that are basically souped-up macros that do a lot of complex things with a click of the button. Don't assume the device is incapable just because it doesn't require you to type in a lot of stuff.