As if we didn't have enough cause to be paranoid about WiFi hacking, Justine Aitel has worked out a way to do it completely automatically -- your ports will never be safe again. Justine's Immunity Inc. has developed a tool it calls Silica, which runs a custom version of CANVAS, Immunity's point-and-click attack tool, on a Nokia 770. The 770's touchscreen displays three simple buttons: "Scan," "Stop" and "Update Silica." As soon as you hit Scan, Silica can start hopping onto WiFi networks, search for open ports, and automatically launch code execution exploits. For instance, you could set Silica to download anything of interest off of exploitable file shares, then put the 770 in your pocket and walk through an office, gleaning all sorts of fun files to peruse later, or even have the device actively penetrate machines and have them hook up to an external listening port via HTTP / DNS at your bidding. Sounds pretty malicious, but it's all in the name of safety -- Immunity sells the $3,600 device to penetration testers to have a quick and automated way of testing network security on the spot. Once you're done running the scan, you get an HTML report of Silica's findings, meaning even a noob can get their hack on with this thing. Immunity keeps track of new exploits, and sends out updates about once a month to Silica users. Of course, Immunity also tries to be careful who they sell the device to to make sure it doesn't fall into malicious hands, but there's no way to be 100 percent sure, so we recommend unplugging your router now, selling the house and kids and moving to a mountain cave before it's too late.

[Via Slashdot]

0 Comments

Silica hack "tester" perhaps too good at its job