— A point-and-click computer program that can automatically hack into vulnerable wireless networks - or probe them for weak spots - has been released by US researchers. Experts say it highlights the importance of ensuring that wireless networks are configured securely.
The program combines several existing wireless hacking tools and an easy-to-use "front end". It was revealed at the DECFON computer security conference in Las Vegas, US, over the weekend.
The tool, called WiCrawl, sniffs out wireless access points and automatically probes them for weaknesses. It combines tools that have been around for a while but normally require more expertise to use. However, providing a wireless network has been configured securely - using the strongest possible encryption - it should be invulnerable.
Aaron Peterson, who developed the program and is founder of a Seattle security company called Midnight Research Labs, demonstrated the program at the conference.
"The goal is to automate the tedious task of scanning Wi-Fi access points for interesting information," a summary describing WiCrawl states. "This can be a useful tool for penetration testers looking to 'crawl' through massive numbers of access points looking for interesting data."
Once activated, WiCrawl will search for wireless local area networks within range and can automatically probe for specific vulnerabilities. It then calls up the tools needed to exploit these vulnerabilities and gain access to the protected network.
The program is designed to work with multiple wireless cards, so that one card can scan for available networks while one or more other cards probe nearby networks for weaknesses.
Matt Bevan an independent computer security consultant based in the UK says WiCrawl highlights the importance of making sure a wireless network is configured securely. "Every wireless router or hub comes with security options but they are usually switched off by default," he notes. Other software tools, such as firewalls and anti-virus software can give added protection, he says, providing these have also been configured correctly.
Other experts insist that WiCrawl will help administrators make sure their network is secure.
"In general what happens with security tools, you get a lot of little pragmatic pieces here and there that are good at one thing," says Paul Holman, a Seattle security researcher with The Shmoo Group, a computer security think tank. "Wicrawl attempts to roll up all those little pieces and make them useful."
Holman admits that Wicrawl could make it easier for criminals to crack wireless systems, but he contends that this is outweighed by its usefulness to administrators.
However, Bevan says tools like WiCrawl can easily prove to be double-edged. "It could be very useful, but the downside is that it is now in the hands of virtually anybody."