Security researcher recently at the Defcon 19 conference has demonstrated new android application-ANTI which aims at the white hat sort that looks to find vulnerabilities that can be patch to make the network or device more secure. So clearly the app can also be used to hack networks and steal data without authentication. The app allows the user to scan for WiFi networks, open networks, and run a trace route to find IP addresses for servers. Once the target the user wants to attack is found they can execute attacks using vulnerabilities in out of date software.
“We wanted to create a penetration testing tool for the masses, says Itzhak “Zuk” Avraham, founder of Tel-Aviv-based Zimperium. “It’s about being able to do what advanced hackers do with a really good implementation. In your pocket.”
Anti application is equipped with few exploits: One aimed at a bug in Windows–the same flaw exploited by the Conficker worm in 2009–another targeting default SSH passwords in jailbroken iPhones, and a third exploiting a vulnerable, older version of Android. Zimperium has also built a Windows trojan that allows Anti to perform automated commands on hijacked machines like taking a screenshot, ejecting a CD, or opening the calculator, a common penetration-testing demonstration.
Android is taking a serious entry in penetration testing with application like nmap, metasploit, faceniff(which proved revolution)
We will keep u updated as soon as videos & other presentations of defcon 19 are made public.
source
No comments:
Post a Comment