A double-edged sword has arrived for use by network hackers, courtesy of security software developer Zimperium. At the Defcon hackers’ conference last week, the company demonstrated an upcoming Android app called Android Network Toolkit (“Anti”) primarily designed for mobile penetration testing.
When used in penetration testing, the app will “sniff” local networks and locate and demonstrate vulnerabilities in hooked up computer systems–with the push of just a few buttons. The idea of penetration testing is to find out whether a network is secure and waterproof enough to keep unauthorized users out.
There already are several tools for such “hacking,” although Zimperium’s Anti brings a pocket-size tool to the Android platform–and at a relatively cheaper price than other professional penetration testing suites. For non-commercial use, the app is free to use. For corporate and business use, an upgrade costing US$10 is also provided. That’s practically cheaper than most other network penetration testing software, which reportedly costs hundreds, or even thousands, of dollars.
Zimperium’s founder, Itzhak Avraham, told Forbes that they wanted to create a testing tool “for the masses,” a tool that can “do what advanced hackers do with a really good implementation. In your pocket.”
Avraham said that the Android tool will allow users to scan Wi-Fi networks to discover open networks and potential target devices on those open networks. The app will also include traceroute software for identifying IP addresses of remote servers. When the app finds a vulnerable target, the app offers the user several command options, such as “Man-in-the-Middle” for “eavesdropping” on the “conversation” on the devices. “Attack” is another possible command and will tell the app to exploit existing vulnerabilities in the target machine in order to compromise it.
A network penetration testing tool such as Anti will be able to help a network administrator find out whether the network is vulnerable and where such vulnerabilities lie. When vulnerabilities are discovered, the next logical step would be to patch up those holes to keep intruders out.
Anti can also be used by black hat hackers–those that have evil purposes for hacking. Avraham, however, intends to restrict the tool’s use only to white hat penetration by specifying such use in the app’s terms of service. “Anti is your perfect mobile companion, doing it all for you. Please remember, with great power comes great responsibility. Use it wisely,” Avraham said.
Zimperium plans to publish the Android Network Toolkit app on the Android Market soon.
Image credit: Martin Pettitt (Flickr), Forbes