Researcher Creates Handheld Hacking Tool
Kickball Notches writes "Immunity's Dave Aitel plans to start selling a portable hacking device equipped with hundreds of exploits. The wireless handheld, called Silica, comes equipped with more than 150 exploits from Canvas and an automated exploitation system that allows simulated hacking attacks from the palm of your hand. It supports 802.11 (Wi-Fi) and Bluetooth wireless connections and is based on Linux."
Nifty (Score:5, Interesting)
The thing to keep in mind here is that this really isn't a problem yet. You won't see any WLAN viruses based on driver-level exploits any time soon for one very important reason: proximity. We wanted these issues raised and fixed before the distance of a Wi-Fi connection for your average user is measured in kilometers instead of the meters it is today.
Don't go rip your Wi-Fi cards out just yet, but you should always adhere to good security techniques. Even without driver-level exploits, man-in-the-middle attacks over Wi-Fi networks are a threat that you can mitigate by doing things like verifying the SSL certs for things you connect to, and not doing anything you want to remain personal or private over clear text on these access points. Also, for things like instant messaging, grab something like Adium X that supports encrypted IM conversations across multiple platforms. I know iChat does as well, but I am a big fan of something called OTR (http://www.cypherpunks.ca/otr/), which Adium supports.
And no, this wasn't a "Mac OS X"(-specific) or "MacBook" vulnerability; it is a vulnerability in the Atheros driver code, which, according to the presenters themselves, is exploitable on other platforms, including Windows and Linux. Mac OS X was chosen to prove a point, and unfortunately the "point" that many ordinary people ended up getting was that all "MacBooks" and only "MacBooks" were vulnerable to some kind of scary 802.11 attack, and worse, that setting the machine to not auto-associate with access points would solve the problem (it doesn't). Some interesting points from a SecurityFocus mailing list about the Atheros exploit:
* The exploit is running in kernel space and can do _anything_ it wants. It's not running as root because that would involve running under the kernel. In Intel terms, this is ring 0 stuff.
* Firewalls, "preferred networks" and other OS-level mitigation is worthless. The packets don't have to contain any IP data, they are pure 802.11{b|g} frames. The OS doesn't see the packet because it would have to get past the (exploited) device driver.
* The exploit doesn't require associating to an AP, being associated to an AP, anything. It just requires the wireless device to be on.
What this really illustrates is that when you let third-party, proprietary, unaudited code into a privileged capacity on an OS, it could indeed be an avenue for attack.
And now that attack can come from a dedicated device running in someone's pocket.
(Personally, I see no reason why hardware device makers should keep driver code proprietary, much less the hardware specifications needed to produce an open source driver. After all, isn't their bread and butter the hardware itself?)
This device could also associate with a wireless access point normally and launch penetration tests against any hosts reachable on the network. TFA notes that the device is also equipped with Ethernet and USB connectivity. Sounds like a neat little device that could have other functionality as well.
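The points above about the Atheros bug (kernel-space code, raw 802.11 management frames, no association needed) come down to a driver trusting length fields in frames anyone in radio range can send. The following is an added example, not code from the post, from Immunity, or from the Atheros driver, and it does not reproduce the actual bug: it parses the tagged information elements (IEs) of a constructed 802.11 beacon with the two bounds checks a driver needs (the IE length must fit in the remaining frame, and an SSID must fit its 32-byte destination) and returns -1 instead of copying when either fails. The frame bytes are constructed for the example; a real driver would receive them from the card.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 802.11 management frame header: frame control, duration, addr1-3, sequence control. */
#define MGMT_HDR_LEN 24
/* Beacon fixed fields after the header: timestamp(8), beacon interval(2), capability(2). */
#define BEACON_FIXED_LEN 12
#define IE_SSID 0
#define SSID_MAX 32

/* Constructed frame bytes for the example (broadcast beacon from a made-up BSSID). */
#define MGMT_HDR \
    0x80,0x00, 0x00,0x00, \
    0xff,0xff,0xff,0xff,0xff,0xff, \
    0x02,0x00,0x00,0x00,0x00,0x01, \
    0x02,0x00,0x00,0x00,0x00,0x01, \
    0x10,0x00
#define BEACON_FIXED 0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x04

static const uint8_t good_beacon[] = {
    MGMT_HDR, BEACON_FIXED,
    0x00, 0x04, 't','e','s','t',   /* SSID IE, 4 bytes */
    0x01, 0x02, 0x82, 0x84,        /* Supported Rates IE */
    0x03, 0x01, 0x06               /* DS Parameter Set: channel 6 */
};

/* SSID IE whose length byte claims 255 bytes while only 4 follow. An unchecked
   driver would read (or copy) past the end of the receive buffer. */
static const uint8_t overlong_beacon[] = {
    MGMT_HDR, BEACON_FIXED,
    0x00, 0xff, 't','e','s','t'
};

/* Walk the IEs; copy the SSID into ssid_out. Returns the number of IEs parsed,
   or -1 if any IE overruns the frame or the SSID does not fit its destination. */
int parse_beacon_ies(const uint8_t *frame, size_t len, char *ssid_out, size_t ssid_cap)
{
    size_t off = MGMT_HDR_LEN + BEACON_FIXED_LEN;
    int count = 0;

    if (len < off)
        return -1;                 /* truncated before the tagged parameters */
    if (ssid_cap > 0)
        ssid_out[0] = '\0';

    while (off < len) {
        uint8_t id, ie_len;
        if (len - off < 2)
            return -1;             /* id byte without a length byte */
        id = frame[off];
        ie_len = frame[off + 1];
        off += 2;
        if (ie_len > len - off)
            return -1;             /* IE claims more bytes than the frame holds */
        if (id == IE_SSID) {
            if (ie_len > SSID_MAX || ie_len >= ssid_cap)
                return -1;         /* would overflow a 32-byte SSID buffer */
            memcpy(ssid_out, frame + off, ie_len);
            ssid_out[ie_len] = '\0';
        }
        off += ie_len;
        count++;
    }
    return count;
}

static char last_ssid[SSID_MAX + 1];

int good_ie_count(void)
{
    return parse_beacon_ies(good_beacon, sizeof good_beacon, last_ssid, sizeof last_ssid);
}

const char *good_ssid(void)
{
    good_ie_count();
    return last_ssid;
}

int overlong_result(void)
{
    char ssid[SSID_MAX + 1];
    return parse_beacon_ies(overlong_beacon, sizeof overlong_beacon, ssid, sizeof ssid);
}

/* SSID IE of 40 bytes that does fit in the frame but not in a 32-byte SSID buffer. */
int long_ssid_result(void)
{
    uint8_t frame[MGMT_HDR_LEN + BEACON_FIXED_LEN + 2 + 40];
    char ssid[SSID_MAX + 1];
    memcpy(frame, good_beacon, MGMT_HDR_LEN + BEACON_FIXED_LEN);
    frame[MGMT_HDR_LEN + BEACON_FIXED_LEN] = IE_SSID;
    frame[MGMT_HDR_LEN + BEACON_FIXED_LEN + 1] = 40;
    memset(frame + MGMT_HDR_LEN + BEACON_FIXED_LEN + 2, 'A', 40);
    return parse_beacon_ies(frame, sizeof frame, ssid, sizeof ssid);
}

int main(void)
{
    printf("good beacon: %d IEs, SSID \"%s\"\n", good_ie_count(), last_ssid);
    printf("overlong IE: %d\n", overlong_result());
    printf("40-byte SSID: %d\n", long_ssid_result());
    return 0;
}
```

The two rejections are the whole point: a beacon or probe response is processed before any association, so the only thing standing between an attacker's frame and kernel memory is whether the driver checks these lengths before copying.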
But does it run... oh wait (Score:3, Interesting)
It is especially important to note the Bluetooth abilities in this context. IF properly tweaked, one hacker could wander around a major public event and
Re:But does it run... oh wait (Score:3, Informative)
The Nokia 770, the Sony Mylo, and the Trolltech Greenphone are just the start of how Linux + Wifi + mobile devices are going to change the world, imho. If you've done your development correctly you can do a LOT on these devices in very little time. It's the perfect thing
US$ 3k (Score:2)
Since you're here: why such a high price-tag? I'd say that it's to prevent kiddies from using it, but I'm curious whether the cost of putting it together would be so high.
Anyway, congrats on the good idea.
Re: (Score:2)
Imagine buying a thousand cheese sandwiches, adding a garnish, and shipping them to people all around the world. Not cheap! And you didn't have to do any advertising or hire people to answer phone calls from customers who don't know which hole a sandwich goes into, document all the parts of your sandwich for people who like t
Re:But does it run... oh wait (Score:5, Interesting)
Forget warwalking, think about warsmailing (war snail-mailing). Activate one of these devices and drop it in at the post office addressed to yourself. It'll ride in postal delivery vehicles, stopping in front of each house long enough to do some serious searching until it reaches yours. Then unwrap and see what you've harvested. Only cost is the postage and packing, virtually no gas or calories from you. Well, and the battery charge. Include a GPS device.
It will help to be near the end of the delivery route. Maybe address it to a house that doesn't exist and it'll come back undeliverable (though it risks not coming back at all).
Variations would be to use UPS, FedEx, etc., especially how their routing systems take it into interesting business areas. Route influencing could be done by including legitimate packages.
If anyone does this, please let me know of the results. I don't have the ability to do this, so I'm putting it out there for others to try. I've only just thought of it. (I'll be Googling for "warsmailing".)
Note: this opportunity will only last (in the US) until the DoHS decides that any packages with detectably active electronics or EM emissions must be intercepted and detonated, and they may be doing this already. Other countries may vary.
Re:But does it run... oh wait (Score:1)
Re: (Score:1)
Re: (Score:2)
My main question is whether it would ever get much of a GPS signal. You could spend an awful lot of time and money putting together a project like that, only to have it spend its entire journey in steel-roofed buildings and metal trucks where it can't hear the satellites and not get any position fixes
Re: (Score:1)
When somebody invents a self booting open-source pen testing suite which you can lop on a cheap laptop, then I'll warsmail for you all you like. (Although, folks will typo with warm-sailing, so be aware
Proximity is no problem. (Score:5, Interesting)
One of the proposed uses is to turn it on and mail it to the site in question. It can perform "tests" (including man-in-the-middle attacks) "while sitting on the CEO's desk".
Or in the mail room. Or in the inbox of somebody on vacation.
Of course that means it (or a similar device) could be shipped in the same way. It could run for a couple of weeks (or until the battery is exhausted), rooting around the company's wireless LAN and shipping the results out over the internet to the attacker's safe drop. Then (or when the package is opened) it could purge its own software and self-destruct or turn itself into something innocent-appearing, such as a promotional toy. (Perhaps it could sucker somebody into recharging it.) Or it could be built into some other object and never discovered.
If the IT staff isn't on the edge of their seats about searching for rogue Wi-Fi devices and/or sniffing network traffic, it could have weeks to work undetected. Even if they ARE on the ball and have the cutting-edge stuff, it can snag a lot of interesting stuff at computer speeds in the time it takes to hunt it down and kill it or successfully cut it off from all outside contact (including masquerading as a legitimate device).
Re:Proximity is no problem. (Score:4, Insightful)
Unless it gets hooked up to some kind of battery array, I think we can safely peg the window for this thing at 24 hours at the extreme outside, though it's probably less than 12.
Now, depending on how smart it is, you could have it come up for 5 or 10 minutes at a certain time when you know something good will be available (e.g. the boss syncs his PDA), but it would have to be some cron-esque computer-scheduled job, and I'm not sure why any environment (other than maybe a retail environment) would be running a regular job across wireless.
I think it'd be much more effective for the old Delivery Guy trick; something to keep in your pocket while you wander through the office, looking for someone to deliver your package to...Though I don't know how it is in other places, but where I work everything gets signed for in front, and a guard brings you your package. Of course, we don't use wireless either, so that's two for two.
Re:Proximity is no problem. (Score:2)
Re:Proximity is no problem. (Score:2)
I wonder as well about broadcast power vs battery life...In strictly passive mode it wouldn't matter, but trying an active MiM attack, you'd need to be broadcasting pretty strongly not to have the existing signal drown you out.
Re:Proximity is no problem. (Score:4, Informative)
If you don't have the screen or the backlight on, you can run for over a day, and more if you only run Wi-Fi or Bluetooth...
I have a Dell Axim X30 with the extended battery (internal Wi-Fi).
If you design something to last, you can pull it off.
Re: (Score:2)
What are your company's technology secrets, customer lists, and/or bid calculations worth to your competitors?
$3,000 hardware cost on an industrial espionage operation that lets your competition marginally underbid you on, say, a $200,000,000 project with 60% margins? Chump change.
On an op that lets them snatch your design secrets and combine them with their own, building a new product that drives your company under? You can play
Re: (Score:2, Informative)
As far as wireless cards go, what I have heard is that many of the wireless manufacturers will not release proper specs because transmission strength is soft-coded into the driver. An open source driver would allow people to increase the strength of the signal broadcast by th
Closed source device (Score:3, Informative)
Hardware *was* those companies' bread and butter a long time ago, when hardware was a big bunch of complicated dedicated chips communicating together. All the secret was in the hardware. And due to the diversity of OSes back then, a company had better show specifications in order
Not as good as Metasploit (Score:2)
CmdrTaco said:
Uhh (Score:1)
Pen Testing? (Score:1)
For real 'pen testing', stick with what a
Is there a 5-day background check? (Score:2)
Good. (Score:1, Funny)
Re:Good. (Score:2)
Re:Good. (Score:2)
Re: First Post SNAKES ON A PLAIN! (Score:5, Funny)
If you want to see Snakes on a PLAIN then go to Nebraska. They have lots of them there.
oblig (Score:1)
Re: First Post SNAKES ON A PLAIN! (Score:1)
Re: First Post SNAKES ON A PLAIN! (Score:2)
"hand-held hacking tool" aka... (Score:5, Funny)
Script kiddies (Score:2, Funny)
Since it's a pen-based device, should the users of this product be classified as "script kiddies"?
Don't delay! Buy now! The first 10 buyers will also receive an official Immunity Canvas' McGyver Swiss Army knife* (with lock-picking add-ons) and a t-shirt bearing the sentence "Look, mom: I'm a hacker!" in the front and "kick me" in the back.
* Parents: this is a safe product; to prevent i
So... it's a Zaurus running a pen-testing toolkit? (Score:4, Insightful)
Re:So... it's a Zaurus running a pen-testing toolk (Score:1)
Nmap
Zethereal
Ettercap
Ngrep
TCPDump
Kismet
Nmap
THC-Hydra
Nemesis
http://www.irongeek.com/i.php?submenu=zaurus/zaurusheader&page=zaurus/zaurusmain
All on a Zaurus 5500 and for a lot cheaper than the asking price of this new toy.
I've already got a portable hacking device... (Score:4, Funny)
Re:I've already got a portable hacking device... (Score:1)
Immunity's Dave Aitel (Score:5, Funny)
Nice, but does it run... (Score:1, Funny)
interesting, but... (Score:2)
Finally (Score:1)
Re:Metasploit has run on Zaurus for over 2 years (Score:1)
Last I checked we have 5 DoS's. But it's not quantity with something like this, it's quality. You need one really good Linksys exploit, no?
-dave
Re:Metasploit has run on Zaurus for over 2 years (Score:1)
As version 3.0 of the Framework gets closer to release, expect the situation to change. The new plugins
Good portable device (Score:3, Interesting)
What I want is a portable device the size of the old Libretto or Picturebook, with all the modern memory card type slots, Wi-Fi, Ethernet, phone, USB, FireWire, PC Card, and anything else needed to interface with common devices and peripherals. I don't want to have to carry a bunch of dongles and USB cables to use common hardware I might run into. I don't want a fast processor and memory; I just want the hardware interfaces and the longest possible battery life in a very small package.
All the mini-notebook makers out there seem intent on trying to cram as much processor power and memory into a small package, which incidentally results in them running so hot they could burn you, and shortens battery life to lunch-break length. What are you going to do with an Athlon 64, play WoW on an 8-inch screen?
*sigh* maybe this device will be different, but seeing as how it says "Currently it supports 802.11 (Wi-Fi) and Bluetooth wireless connections or optionally Ethernet via USB", it doesn't sound like it.
yes, that small (Score:2)
Visualsploit http://www.immunitysec.com/documentation/vs_nipri
Silica is a full port of Canvas onto the Nokia, not "allows simulated hacking attacks", instead "full exploitation framework".
Canvas licensing creams Core Impact (3kish vs. 30k).
Next up: Windows version (Score:2, Insightful)
positive? (Score:3, Interesting)
this could be bad for security (Score:2)
Re:this could be bad for security (Score:3, Insightful)
LARPing! (Score:1)
Old tech... (Score:1)
Pfft. I used hundreds of tools like this when I was in UNATCO way back in the 2050s.
Multitools, I think they were called.
Nintendo-based? (Score:2)
Digging through Eisenberg's office (Score:1)
That linux stuff is just for hackers (Score:1)
Or, should I say HAXX0RZZ...