N800 Fights the Bad Guys

If you want to find the vulnerabilities in your system before the black-hat hackers do, Nokia's programmable handheld is just the ticket

Last month we took a look at the Nokia N800 as a platform for thought experiments in user-programmable ­ubiquitous computing (”Hacking the Nokia N800,” April). But the tiny, reasonably powerful device turns out to be ­useful in professional as well as personal contexts. A good example is the assessing of system security.

In the days of wired-only networks, an engineer would test a system’s penetrability by trying to hack in through firewalls or terminal servers or through social engineering--that is, convincing gullible employees to help him. Now anyone with a pocket-size device can carry out the same kinds of attacks wirelessly.

The further up they are on the corporate ladder, says Justine Aitel, CEO of Immunity, a security consulting company in Miami Beach, the more likely that managers will want allâ''wireless offices. And with ill-secured wireless networks abounding, all a system infiltrator--or ”cracker”--has to do now is get a package the size of a paperback book into a company’s mail room and headed for an executive’s desk.

Immunity sells N800s preconfigured with a downsized version of Canvas, the company’s laptop penetration-­testing tool. The program can run through a sequence of hundreds of known PC and server vulnerabilities once it finds an unguarded wireless connection. Then, with access to the Internet as well as local machines, the device can presumably send a detailed report home. Screen shots of the CEO’s PC make for especially compelling presentations, Aitel says. Or perhaps, considering that the preconfigured gizmo lists at US $3600, a penetration tester might want to wangle a quick trip inside, with the N800 concealed in a pocket or briefcase.

Those with more of a do-it-yourself spirit can download open-source tools and even use the N800’s own software to do security analysis. Keith Parsons, who teaches wireless security at the Institute for Network Professionals, in Orem, Utah, says that he often surveys the extent of a wireless network’s coverage by plugging in a set of earphones and walking around with the N800 connected to a favorite Internet-radio stream. Wherever he can hear audio, a cracker can connect to the network.

One step up is Kismet, which detects all ­wireless networks within range and logs network traffic for open networks (or those encrypted networks for which it has a key). Kismet can also detect certain attacks from other machines.

Aircrack, an open-source suite of attack-and-­analysis tools, can ­monitor encrypted networks as well as unencrypted ones. It uses one attack that can ­discover the ­password for networks secured with Wired-Equivalent Privacy at a 50 percent success rate after reading 50 000 ­packets, rising to 95 percent after 85 000 packets. That can take as little as 2 minutes if, for instance, an attacker broadcasts faked data to stimulate additional network traffic. Even with the N800’s late 20th-century-style CPU, notes Immunity software developer Alex Iliadis, the computing part of the attack is well within its capabilities.

Further up the open-software hacking food chain is Metasploit, a framework for security exploits. The modular software includes sets of methods for gaining initial access to a target system, tiny chunks of code for downloading more complex attacks into the target, and ”payload” modules that can do pretty much whatever a programmer wants with a computer once it’s been thoroughly compromised.

None of this gives me warm feelings about the safety of my own little wireless network. Maybe I’ll fire up a spare machine running Kismet and some other tools, just to see whose packets are dropping in for a visit.