Openmoko GSoc Idea

[Anirudh Sharma]

Hello openmoko team, Here is my proposal for the summer project.

The idea actually comes from the fact that nowadays a lot modern phones ship
with WiFi connectivity-- *this can potentially be used as an automatic
vulnerability reporting tool.* A lot of Wireless Admins leave their
AccessPoints open to connections due to lack of knowledge-and hence their
networks remain vulnerable to attacks like packet sniffing/bandwidth usage
etc). This generally happens due to the admins lack of concern for
security..

A few months back i found a wireless AP of a leading Indian cellular network
near my apartment, my laptop could connect to it automatically. - access to
the internet was wide open. - packets could be easily sniffed using Cain and
ettercap. Plaintext passwords could be intercepted without much effort. -
other vulnerable ports could be discovered using nmap scans.

So my idea is- to create a nmap plugin for openmoko phones,that would
automatically scan the networks in range using nmap ,discover
vulnerabilities and respond to the admin with the log files so that the
vulnerabilities could be fixed.

In short- 1. the plugin/tool on the WiFi enabled device would start scanning
the open APs in range 2. the discovered vulnerabilities will be stored in a
simple log file, that would automatically be mailed(sent via some method) to
the network admin, also a copy of this could be sent to network security
research organizations.

. Also suggest some improvements that could be done so as to make the above
idea better ;-)


cheers,

-anirudh sharma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openmoko.org/pipermail/openmoko-devel/attachments/20080330/b909075f/attachment.html