Wifi Penetration [Android]

Diogo Ferreira, known on XDA as deovferreira, has cooked up Penetrate for Android, available if you can believe it on the market, which “maps Thomson, SpeedTouch and D-Link SSIDs and MAC addresses into their respective default keys” (officially meaning if you own one of those routers and want to make sure your network is secure from a bunch of Android users, you’d better test it out with this application — unofficially meaning, well, I don’t think I need to spell that out).

I am spreading the word here (and mirroring the dictionary file) not to encourage naughtiness but to keep the pressure on the likes of these companies to step their game up security-wise and release advisories on password and encryption configuration, patches, whatever they’ve got to do in addition to doing things differently for devices they haven’t sold yet in order to keep their customers’ networks more solid out of the box so that it isn’t a free-for-all to anyone who knows how to install an Android application from Google’s market by Google Goggling the barcode thing right here. That’s just too easy.

And also to give a heads up to sysadmins and to anyone who owns one of these routers that in addition to a bunch of other people, you now have an aptly named tool you should use for some quick and easy wifi penetration testing. If the program successfully figures out your keys, better check your manual or with the manufacturer to find out how to lock it down better or get another router or access point or ask for advice on the developer’s thread.

Just to iron that in a little harder, Penetrate is being installed and configured by someone roughly once a minute; so again, if you’re in control (legitimately) of any Thomson, D-Link or SpeedTouch wifi routers, and security is something you consider to be vaguely important, take note.

Doug Simmons