Robot 'guard dog' protects Wi-Fi setups

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1039_3-5059541.html

By Declan McCullagh 
Staff Writer, CNET News.com
August 4, 2003

LAS VEGAS--A strange two-wheeled creature was skimming through the
halls of the Alexis Park Hotel on Sunday--a robot that sniffs out
network vulnerabilities.

Created by two members of a loose association of security experts
called the Shmoo Group, the robot is designed to wheel around on its
own detecting and reporting the security problems of Wi-Fi wireless
networks.

"The point of the hacker robot is that it can become an autonomous
hacker droid," said Paul Holman, the robot's co-designer, who
demonstrated it for the first time at the DefCon hacker convention
here. "It can get in close to the network. On the offensive side, it
can be used for corporate or political espionage. On the defensive
side, it can be used for network vulnerability assessment."

The prototype robot, which has not been named, may be the first
creature designed for this purpose. Holman and hardware engineer Eric
Johanson hope to sell custom versions of the unit to government
agencies and businesses that are worried about the security of their
own wireless networks or that hope to break into someone else's.  
Holman and Johanson have not yet set a price.

Wi-Fi setups are exploding in popularity in corporate America, but
according to Johanson, they frequently introduce security
vulnerabilities into a company's larger network.

"The biggest hole right now is wireless networks," Johanson said. "You
don't know what the coverage of your wireless network is. It's
variable, depending on the antennas being used by the guys on the
outside. Everyone's deploying wireless networks. And it's very
difficult to make them secure."

In its prototype version, the robot weighs about 40 pounds, can reach
a speed equal to that of a fast walk and can roll around for three
hours at a stretch before using up its power supply. It uses one
802.11b card to eavesdrop on a wireless network and a second card as a
control channel to communicate with its owner. Two batteries--a sealed
lead acid pack for the electronics and a nickel metal hydride pack to
drive the wheels--provide power.

Currently, Holman said, the robot can sniff out passwords sent through
protocols such as Telnet and POP, the post office protocol used for
e-mail. Its designers said they're still working on the autonomous
capabilities--including sensors to detect humans and obstacles--and so
they used a game controller that's attached to a laptop in a backpack
to maneuver the robot around DefCon.

Johanson suggested that his robot could be a cheap network guard dog.  
"If they can just plug this thing in and have it roam around their
wireless network, it's a more cost-effective way than having a human
do it."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.