Bob Landman, of HL Instruments posted this on the SCADA list today.
I hope it shakes the trees. We’ve made enough noise about wireless that the blackhats are really gearing up to “help” us improve wireless security.
Wireless Hacking Tool Makes Splash at RSA
Among the most intriguing technologies being shown off at this year’s ongoing RSA Conference in San Francisco is a mobile penetration testing application made by Miami Beach, Fla.-based Immunity that allows people to scan networks for vulnerabilities on the go.
Dubbed Silica, the sleek handheld, based on a Nokia tablet device, claims the ability to test wireless network security using Wi-Fi technology—with other form factors and support for Bluetooth and wired Ethernet connectivity planned for delivery by Immunity soon.
The handheld is specifically being pitched by the 10-employee firm, founded in 2002, as a method for people to search for unprotected access points without drawing attention to their efforts. Users can casually stroll around any office building and simply scan the airwaves for network access “while behaving innocuously,” said Justine Aitel, chief executive of Immunity.
The application is built around a Linux operating system and is based on the firm’s more robust Canvas product line of penetration testing software. It features three simple functions—scan, stop and upgrade—making it the perfect choice for people seeking carefree mobile hacking capabilities, according to the vendor.
Aitel, a former chief security officer with business news outlet Bloomberg, said Immunity has received a fair number of orders for the devices over the last few days at RSA.
“We’re always trying to reach different markets, and an increasingly sophisticated user base has been asking us for something like this that is simple to use and move around with,” Aitel said. “It’s also a way for us to reach out to slightly different groups of customers than in the past, and a different crowd than we typically cater to with Canvas.”
The former CIO cooked up the idea for the mobile hacking device while at Bloomberg, where she was constantly worried about the use of rogue access points and unprotected wireless networking systems.
Whether being used to carry out man-in-the-middle attacksagainst unguarded wireless users or to seek out file shares sitting on people’s desktops, the device is a convenient platform for proving the need for stronger access protection, according to the executive.
“People can ship this to their operations anywhere in the world to help test the vulnerability of their corporate networks,” the CEO said. “We think there’s a real market for this type of device.”