Android App Brings Hacking Tool to Novices
Have an Android and wanna start pwning people, networks and machines like penetration testers do? Well, you are in luck. Just what the world needs: another killer mobile app for the clueless who want to hack but need only push a couple of buttons to find targets or to take control of computers and servers.
At DefCon, Itzhak "Zuk" Avraham, also known as @ihackbanme, showed off the new hacking tool, "The Android Network Toolkit," dubbed Anti for short, which will soon be available for free in the Android Market. Looking for the catch for downloading and using the advanced hacking Anti app as a "penetration tool for the masses?" In the terms of service (TOS) for this powerful pen testing tool, Zuk and his security firm Zimperium will ask users to stick to white hat hacking. (See also "Security, Hacker Conferences Have Technology Industry Buzzing.")
Andy Greenberg, who saw the stealthy app in action, reported the documentation states, "Hacking is not for the chosen few. Anti is your perfect mobile companion, doing it all for you. Please remember, with great power comes great responsibility. Use it wisely."
At left is a screenshot of the app. The Anti app will:
"... offer a wi-fi-scanning tool for finding open networks and showing all potential target devices on those networks, as well as traceroute software that can reveal the IP addresses of faraway servers. When a target is identified, the app offers up a simple menu with commands like 'Man-In-The-Middle' to eavesdrop on local devices, or even 'Attack;' The app is designed to run exploits collected in platforms like Metasploit or ExploitDB, using vulnerabilities in out-of-date software to compromise targets."
Of course, it's no shocker that the Anti app can exploit Windows with a Trojan so that attackers can "perform automated commands on hijacked machines." This might include grabbing a screenshot, ejecting a CD, or opening the calculator, all of which pen testers commonly do as non-harmful proof of pwning. Anti can also target default SSH passwords in jailbroken iPhones. "We will be porting Android Network Toolkit (#Anti) to iOS..." tweeted @zImperium a few hours ago.
$10 can buy you a "corporate upgrade" of Anti, but otherwise the free app will bring mobile and advanced hacking to the masses. Zuk will offer Anti in the Android Market this week. If you have known and unpatched vulnerabilities in your network or your devices, then you are a potential target, so fix them or be prepared to be exploited. Consider this a warning you should heed.
Also according to Forbes, security researcher Don Bailey said the app was "sick." Another defense contractor and pen tester called the "polished" app a "quick and dirty Swiss army knife for mobile pen testing."
Like Firesheep and, to a lesser extent, its wicked mobile cousin FaceNiff, the point of Anti is to increase security awareness. However, we all know it will be a new sweet toy for hackers with all color hats . . . that includes the clueless who are anxious to learn how to hack but don't otherwise have pen testing skills.