Silica hack "tester" perhaps too good at its job

by Paul Miller posted Feb 9th 2007 at 10:26AM

As if we didn't have enough cause to be paranoid about WiFi hacking, Justine Aitel has worked out a way to do it completely automatically -- your ports will never be safe again. Justine's Immunity Inc. has developed a tool it calls Silica, which runs a custom version of CANVAS, Immunity's point-and-click attack tool, on a Nokia 770. The 770's touchscreen displays three simple buttons: "Scan," "Stop" and "Update Silica." As soon as you hit Scan, Silica can start hopping onto WiFi networks, search for open ports, and automatically launch code execution exploits. For instance, you could set Silica to download anything of interest off of exploitable file shares, then put the 770 in your pocket and walk through an office, gleaning all sorts of fun files to peruse later, or even have the device actively penetrate machines and have them hook up to an external listening port via HTTP / DNS at your bidding. Sounds pretty malicious, but it's all in the name of safety -- Immunity sells the $3,600 device to penetration testers to have a quick and automated way of testing network security on the spot. Once you're done running the scan, you get an HTML report of Silica's findings, meaning even a noob can get their hack on with this thing. Immunity keeps track of new exploits, and sends out updates about once a month to Silica users. Of course, Immunity also tries to be careful who they sell the device to to make sure it doesn't fall into malicious hands, but there's no way to be 100 percent sure, so we recommend unplugging your router now, selling the house and kids and moving to a mountain cave before it's too late.

[Via Slashdot]

Filed under: Handhelds, Wireless

Tags: canvas, hack, hacking, immunity, nokia 770, Nokia770, penetration testing, PenetrationTesting, silica, wifi

Subscribe to these comments

Reader Comments (Page 1 of 1)

Neutral

... @ Feb 9th 2007 7:10PM

I would prefer nessus and aircrack running on hx4700, perhapse with a little metasploit action for good measure... At least it would only cost 1/15 as much ($250 for the hx4700...)

but I suppose if you have money to burn...

Neutral

Samuel McConnell @ Feb 9th 2007 10:37AM

Selling the house AND kids? Quite the sacrifice for network security.

Neutral

Matt @ Feb 9th 2007 11:09AM

Initially I had the same reaction about the kids, but then I thought a little more about it.... I was a kid once, and yeah, pretty sure, that selling the kids would increase the whole safety factor.

Yup. Definitely would help.

Neutral

Nick @ Feb 9th 2007 11:01AM

I effing want one.

NOW.

...Cause... Um... It would be interesting to see how well it works on my schools 'hardcore' network (I go to OU, the school whose medical records were hacked about a year ago.)

Neutral

Mrfreezie @ Feb 9th 2007 11:49AM

Nope, you better get rid of the kids. They're weak, a security hole.

Neutral

Deadturtle @ Feb 9th 2007 11:52AM

Ooooo toys!!!

I mean.. umm... we have a wifi network here at work... and ummm I'm the security officer.

Yeah thats it, im the security officer here and I need one to ummm.. test security.

Its a neat idea, especially for penetration testing, but I hate to think of what would happen if some of the kids in our Cisco classes got their hands on one. On the other hand it would be interesting to see what this did see on our network.

Neutral