Did you see this gadget, on show at the RSA Security Conference? It’s “a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.” One of the scenarios created through this device is the ability “to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target’s office space…” Read more about this here, where Immunity CEO Dave Aitel makes the important point that “There’s wireless testing. Then there’s pen testing. Those are very separate things. With this, we’re joining those two things.”
The device can clearly be used for the purpose of testing one’s own environment, but I was pondering the potential threats that this device might pose. It makes for a stealthy way to attack security within an office environment, and perhaps just as worrying is the threat it might pose to workers who are getting into the habit of sitting in the coffee shop and on other public Wi-Fi networks to catch up on work.
And here’s a comment I found on Slashdot:
Activate one of these devices and drop it in at the post office addressed to yourself. It’ll ride in postal delivery vehicles, stopping in front of each house long enough to do some serious searching until it reaches yours. Then unwrap and see what you’ve harvested. Only cost is the postage and packing, virtually no gas or calories from you.
Quite, we’ve got to watch that calorie burn!