[ISN] Robot 'guard dog' protects Wi-Fi setups

From: InfoSec News (isnat_private)
Date: Wed Aug 06 2003 - 00:28:13 PDT

  • Next message: InfoSec News: "[ISN] Black Hat: Joining Forces to Fight Hacking"

    http://news.com.com/2100-1039_3-5059541.html
    
    By Declan McCullagh 
    Staff Writer, CNET News.com
    August 4, 2003
    
    LAS VEGAS--A strange two-wheeled creature was skimming through the
    halls of the Alexis Park Hotel on Sunday--a robot that sniffs out
    network vulnerabilities.
    
    Created by two members of a loose association of security experts
    called the Shmoo Group, the robot is designed to wheel around on its
    own detecting and reporting the security problems of Wi-Fi wireless
    networks.
    
    "The point of the hacker robot is that it can become an autonomous
    hacker droid," said Paul Holman, the robot's co-designer, who
    demonstrated it for the first time at the DefCon hacker convention
    here. "It can get in close to the network. On the offensive side, it
    can be used for corporate or political espionage. On the defensive
    side, it can be used for network vulnerability assessment."
    
    The prototype robot, which has not been named, may be the first
    creature designed for this purpose. Holman and hardware engineer Eric
    Johanson hope to sell custom versions of the unit to government
    agencies and businesses that are worried about the security of their
    own wireless networks or that hope to break into someone else's.  
    Holman and Johanson have not yet set a price.
    
    Wi-Fi setups are exploding in popularity in corporate America, but
    according to Johanson, they frequently introduce security
    vulnerabilities into a company's larger network.
    
    "The biggest hole right now is wireless networks," Johanson said. "You
    don't know what the coverage of your wireless network is. It's
    variable, depending on the antennas being used by the guys on the
    outside. Everyone's deploying wireless networks. And it's very
    difficult to make them secure."
    
    In its prototype version, the robot weighs about 40 pounds, can reach
    a speed equal to that of a fast walk and can roll around for three
    hours at a stretch before using up its power supply. It uses one
    802.11b card to eavesdrop on a wireless network and a second card as a
    control channel to communicate with its owner. Two batteries--a sealed
    lead acid pack for the electronics and a nickel metal hydride pack to
    drive the wheels--provide power.
    
    Currently, Holman said, the robot can sniff out passwords sent through
    protocols such as Telnet and POP, the post office protocol used for
    e-mail. Its designers said they're still working on the autonomous
    capabilities--including sensors to detect humans and obstacles--and so
    they used a game controller that's attached to a laptop in a backpack
    to maneuver the robot around DefCon.
    
    Johanson suggested that his robot could be a cheap network guard dog.  
    "If they can just plug this thing in and have it roam around their
    wireless network, it's a more cost-effective way than having a human
    do it."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 03:02:20 PDT