Rather than just buy an Android phone like so many others are doing, in an effort not to let his phone’s lousy OS be outdone in its hacker factor, after asking its author nicely for the source code, developer SciLor cloned Penetrate to a WinMo cab, dubbing it SciLor’s Wifi Penetrate.

The original Penetrate, and presumably this one too (haven’t tried it myself), is effective against a certain set of wifi routers (D-Link, Thomson, SpeedTouchand their derivatives) which have, out of the box, some sort of preassigned password, unique to each router, but based on the SSID using some funky math that this software knows how to flip upside down with some help for certain routers from dictionary and rainbow table files.

The purpose of this, obviously, is not to try to be naughty and get yourself some free wifi or to break into other people’s networks. That would be ridiculous. I’m sure no one here would actually attempt to do that with these tools. But seriously, this is something sysadmins with such routers ought to fire up to attempt to penetrate their own setup and if they succeed to act accordingly (change the damn password). And then add penetration testing to the resume.

Thousands of people already have Android’s Penetrate and that’s still growing steadily. Adding WinMo to the mix may send a slightly amplified wake up call to the fine men and women who make these routers to come up with a better default password scheme.

More net bad than good out of this? Maybe a little. Definitely with the WinMo crowd piling on.

Doug Simmons

NO COMMENTS