Silica -- a wireless hacking tool

Silica — a wireless hacking tool

By ryan naraine February 6, 2007, 10:58 AM PST

Image
1
of 10

Justine Aitel

Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding — and exploiting — security vulnerabilities.

The palm-sized PDA tucked away in Justine Aitel’s pocketbook just might be the most scary device on display at this year’s RSA security conference. [See Ryan Naraine’s report.] Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

Silica is the brainchild of Aitel’s Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company’s flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

PDA form factor

Silica now runs on the Nokia 770 but Immunity plans to expand the range of supported devices.

Powered by Linux

Silica runs a customized installation of Debian/Linux running kernel 2.6.16 with preemptive scheduling.

Bluetooth support planned

Currently Silica supports 802.11 (Wi-Fi). The product roadmap calls for support for Bluetooth wireless connections and Ethernet via USB.

Touch screen application launch

Once a network connection is established with a wireless access point, the user can use the touch-screen interface to launch Silica.

Connect to available networks

Silica scans for available Wi-Fi networks, then connects and starts scanning for vulnerable targets.

Attack, or prompt first?

Available networks can be scanned in two modes — Attack mode or the “prompt before scan” mode. Both can be enabled at the same time.

Attack node prompt

The user can manually confirm the use of “attack node,” which fires exploits at vulnerable targets on the wireless network.

Three-button user interface

The application comes with a three-button user interface: Scan, Stop and Update.

Making progress

Image: Nick Heath / TechRepublic

Making progress

A progress bar should display what is happening on the device. Optionally, the user may check the two bottom status boxes to find out more details about the scan. rn

rnrnSee also: Ryan Naraine’s report from RSA 2007, Wi-Fi hacking, with a handheld PDA.

Image: Nick Heath / TechRepublic

By ryan naraine

Account Information

Contact ryan naraine

Your message has been sent
|
See all of ryan's content

The purpose of this policy from TechRepublic Premium is to establish guidelines for the remote management and wiping of personal devices used in a bring your own device program. This policy aims to ensure the protection of sensitive company data in the event of security breaches, device loss, theft or termination of employment or contract. ...

The purpose of the Incident Reporting and Response Procedures Policy from TechRepublic Premium is to establish a clear and efficient process for employees to report security breaches, device loss, or data exposure incidents involving personal devices used for work purposes. From the policy: CONFIDENTIAL REPORTING Employees are strongly encouraged to promptly report incidents, and they ...

Cryptocurrency is a popular technological worldwide trend. As with any investing avenue, the revenue one can make dealing in cryptocurrency can vary depending on the time put into the endeavors, market fluctuation, choice of investments, available capital, how loss averse you are, your short- and long-term strategies and other traditional investment factors. Be forewarned, scams ...