Talk:Summer of Code 2008

From Openmoko

Hello openmoko team, Here is my proposal for the summer project.

The idea actually comes from the fact that nowadays a lot modern phones ship with WiFi connectivity-- this can potentially be used as an automatic vulnerability reporting tool. A lot of Wireless Admins leave their AccessPoints open to connections due to lack of knowledge-and hence their networks remain vulnerable to attacks like packet sniffing/bandwidth usage etc). This generally happens due to the admins lack of concern for security..

A few months back i found a wireless AP of a leading Indian cellular network near my apartment, my laptop could connect to it automatically. - access to the internet was wide open. - packets could be easily sniffed using Cain and ettercap. Plaintext passwords could be intercepted without much effort. - other vulnerable ports could be discovered using nmap scans.

So my idea is- to create a nmap plugin for openmoko phones,that would automatically scan the networks in range using nmap ,discover vulnerabilities and respond to the admin with the log files so that the vulnerabilities could be fixed.

In short- 1. the plugin/tool on the WiFi enabled device would start scanning the open APs in range 2. the discovered vulnerabilities will be stored in a simple log file, that would automatically be mailed(sent via some method) to the network admin, also a copy of this could be sent to network security research organizations.

. Also suggest some improvements that could be done so as to make the above idea better ;-)

cheers,

-anirudh sharma