RSA 2007: Wi-Fi hacking, with a handheld PDA

Ryan Naraine posts on his blog that Silica was perhaps the "most scary device" at the 2007 RSA Security Conference. Silica is Aitel Immunity's palmtop tool that is able to covertly scan for open Wi-Fi access points and optionally launch hundreds of exploits at local networks. Silica runs Debian Linux on the Nokia 770 Internet Tablet and has 802.11 capabilities. Migration of the system to other hardware platforms is planned, as are capabilities for Bluetooth, ethernet-by-USB, and GPS, for automatic location identification.

The market for Silica is clearly penetration testing, not enablement of criminal hacking. From Naraine's article,

Aitel said Immunity is careful to do due diligence when selling its products, which can fall into the wrong hands and end up being used for illegal purposes. "We don't sell to anonymous users. We make a fair effort to vet buyers and know where the money is coming from and who we're shipping to," she explained.

Despite all good intentions, Aitel goes on to admit there is no way to guarantee units sold through proper channels could not fall into unintended hands.

A greater concern to me is that I'm guessing the hundreds of exploits are not proprietary to Aitel. Aitel's differentiator is in packaging them into a mobile and seductively easy-to-use, $3,600 platform. This is a convenience for large, legitimate organizations. However, there is nothing to prevent a determined hacker form purchasing a Nokia 770 in consumer retail channels for $360, and all to many exploits are already freely available to them. Now that's something really scary.

Q. Are wireless exploits scary to your organization?

Photo: from zdnet.com.

New York may ban iPods while crossing street

Reuters has picked up what we must have known all along: electronic gadgets can be distracting, to the point of causing death to pedestrians in traffic. What may be surprising is that the pedestrians themselves are the ones using the devices, while blithely walking into the path of moving vehicles.

Three deaths were noted in Brooklyn alone. To be fair to the iPod brand, Blackberry and other devices were also at fault (or at least accessories to the accidents.)

New York State Sen. Carl Kruger says three pedestrians in his Brooklyn district have been killed since September upon stepping into traffic while distracted by an electronic device. In one case bystanders screamed "watch out" to no avail.

Mobile phones have a history of causing death by distraction. It looks like bans on device use may not be just for automobile drivers, anymore.

Q: Are dangers due to distraction a real menace, or just over-hyped fantasies dished out on a slow news day?

Photo credit: REUTERS/Charles Platiau

Avis is expected to offer in-car Wi-Fi hot spot by March

Reported in the International Herald Tribune, Autonet Mobile plans to start shipping the Mobile In-Car-Router for the US in Spring 2007. The wireless router, which essentially turns your vehicle into a Wi-Fi hotspot doling out 400 Kbps to 1 Mbps bandwidth, is specifically engineered to prevent network drops while your car is in transit. On January 2, 2006 Autonet Mobile and Avis announced that Avis would adopt the Autonet mobile hotspot in its fleet, available to customers for an additional fee.

Autonet chose Wi-Fi to incorporate the plethora of devices that connect by Wi-Fi, naming laptops, media players, cameras, phones, and even video game consoles. Clearly this surfing, streaming, and gaming experience is not intended for the driver while in motion. We hope.

Today even my GSM phone still finds deadspots in the greater metropolitan area in which I live. Autonet addresses the concern about dropped connections two ways: using a nearly-ubiquitous 3G networks in North America, and TRU Technology (patent pending). Autonet claims that their unit is designed to work on 95 percent of U.S. roads. I assume similar claims can be made by the numerous broadband PC cards available to wireless network subscribers. Autonet's secret sauce is staying connected while in motion which uses a patent-pending technology which is evidently based on how the Space Shuttle manages its data network connection to the ground.

The proof will be in the doing, and Avis customers will be able to kick the tires on the In-Car-Router for $10,95 per day, starting in March 2007. For individuals, the Autonet mobile unit is priced at $399, and the monthly service charge at $49.

Q: If your In-Car-Router is plugged into your vehicle's 12VDC power outlet, how many more outlets do you have to spare for the devices actually connecting to the In-Car-Router?

Photo source: Autonet Mobile, Inc.