Networking

Silica -- a wireless hacking tool

By // February 7, 2007, 5:54 AM PST

Image 1 of 10

  • Justine Aitel

    Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding -- and exploiting -- security vulnerabilities.

    The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. [See Ryan Naraine's report.] Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.



    Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

  • PDA form factor

    Silica now runs on the Nokia 770 but Immunity plans to expand the range of supported devices.

  • Powered by Linux

    Silica runs a customized installation of Debian/Linux running kernel 2.6.16 with preemptive scheduling.

  • Bluetooth support planned

    Currently Silica supports 802.11 (Wi-Fi). The product roadmap calls for support for Bluetooth wireless connections and Ethernet via USB.

  • Touch screen application launch

    Once a network connection is established with a wireless access point, the user can use the touch-screen interface to launch Silica.

  • Connect to available networks

    Silica scans for available Wi-Fi networks, then connects and starts scanning for vulnerable targets.

  • Attack, or prompt first?

    Available networks can be scanned in two modes -- Attack mode or the "prompt before scan" mode. Both can be enabled at the same time.

  • Attack node prompt

    The user can manually confirm the use of "attack node," which fires exploits at vulnerable targets on the wireless network.

  • Three-button user interface

    The application comes with a three-button user interface: Scan, Stop and Update.

  • Making progress

    A progress bar should display what is happening on the device. Optionally, the user may check the two bottom status boxes to find out more details about the scan.

    See also: Ryan Naraine's report from RSA 2007, Wi-Fi hacking, with a handheld PDA.

Justine Aitel

Penetration testing firm Immunity has started shipping Silica, a wireless handheld pen-testing device capable of finding -- and exploiting -- security vulnerabilities.

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. [See Ryan Naraine's report.] Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.



Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

Related Topics:

Networking Data Centers Storage Hardware Security Virtualization Cloud