The research arm of IBM has a software tool under development to identify wireless LAN nodes that are vulnerable to a sneak attack by hackers, the company announced Thursday. Prototyped on a Linux-based wireless personal digital assistant (PDA), the device will be able to automatically monitor 802.11 wireless LAN networks and collect security-related information.
The project developed from internal concerns at IBM over the security of its own growing 802.11 network, said Dave Safford, manager of the Global Security Analysis Lab at IBM Research unit.
"We've been doing some 'ethical hacking' for a year now, demonstrating weaknesses in 802.11 networks," he said. "The real challenge is that 802.11 networks are exploding. Wireless managers don't even know where all the network access points are."
The Wireless Security Auditor prototype presents detailed information for all access points on an 802.11 wireless network, including station and network name, address, location, and security state. The software, which in prototype has been installed on a Compaq Computer Ipaq PDA with a 802.11 card, has a color-coded user interface, with properly configured access points shown in green, and vulnerable ones shown in red.
The project is at the stage where IBM can show it to security managers for beta-testing, but the company has no definitive plans for pricing or availability.
IBM's intent is to help security personnel prevent "drive-by hacking," the rising threat posed by hackers equipped with a wireless-capable computer wandering around businesses, looking for vulnerable wireless network access points to pounce upon.
However, an unobtrusive PDA designed to spot weak points in network security also sounds like a new tool for hackers looking to exploit a breach rather than fix one.
"One of the things we've tried to do is make this a passive device, just a scanner, so network administrators can see the weaknesses before the drive-by hackers can," Safford said. The limits of a PDA in terms of storage space and software capability make it a less ideal penetration device than a wireless laptop, he added. "I doubt very much that we'll see hackers using PDAs as their attack tools."