Wireless Hacking Tool Makes Splash at RSA
Among the most intriguing technologies being shown off at this year's ongoing RSA Conference in San Francisco is a mobile penetration testing application made by Miami Beach, Fla.-based Immunity that allows people to scan networks for vulnerabilities on the go. Dubbed Silica, the sleek handheld, based on a Nokia tablet device, claims the ability to test wireless network security using Wi-Fi technology—with other form factors and support for Bluetooth and wired Ethernet connectivity planned for delivery by Immunity soon. The handheld is specifically being pitched by the 10-employee firm, founded in 2002, as a method for people to search for unprotected access points without drawing attention to their efforts. Users can casually stroll around any office building and simply scan the airwaves for network access "while behaving innocuously," said Justine Aitel, chief executive of Immunity. The application is built around a Linux operating system and is based on the firm's more robust Canvas product line of penetration testing software. It features three simple functions—scan, stop and upgrade—making it the perfect choice for people seeking carefree mobile hacking capabilities, according to the vendor. Aitel, a former chief security officer with business news outlet Bloomberg, said Immunity has received a fair number of orders for the devices over the last few days at RSA. "We're always trying to reach different markets, and an increasingly sophisticated user base has been asking us for something like this that is simple to use and move around with," Aitel said. "It's also a way for us to reach out to slightly different groups of customers than in the past, and a different crowd than we typically cater to with Canvas." The former CIO cooked up the idea for the mobile hacking device while at Bloomberg, where she was constantly worried about the use of rogue access points and unprotected wireless networking systems. Whether being used to carry out man-in-the-middle attacks against unguarded wireless users or to seek out file shares sitting on people's desktops, the device is a convenient platform for proving the need for stronger access protection, according to the executive. "People can ship this to their operations anywhere in the world to help test the vulnerability of their corporate networks," the CEO said. "We think there's a real market for this type of device." |
Comments (2)
This is nothing new, Yellow Jacket has been around for years.
Posted by OAF | February 9, 2007 12:57 PM
Your e-mail teaser for this story said
"Will criminal hackers use this for the wrong reasons?"
Criminals can already roll their own penetration testing tools similar to this. A criminal version might have been little more bulky perhaps, or a little more expensive. All Immunity have done is the systems integration work with expectation of economies of scale from mass marketing. It means administrators can test their networks the way criminals would without spending hundreds of man-hours rolling their own solution.
Yeah, you've now placed that hardware in the hands of the criminal equivalent of script kiddies. If your network was insecure before, this doesn't make it less secure; it just increases the pool of attackers. But if you use it to test your network properly, it might make it more secure. So, on the balance, this is a good thing.
Posted by Paul-Andre Panon | February 9, 2007 1:40 PM