Penetrate – WEP key cracking app removed from the Android Market
Over the previous 18 months since discovering the Google Android Platform I have played with many an app from the Google Android Market, all of which were free, out of the many hundreds which I download apart from one which I did delve deep in to my pocket and paid the couple of pound to buy from the Android Market Place. That app was Penetrate, not just any old Penetrate, but Penetrate Pro. The full 3G supported version, without the need to download dictionaries whilst connected to a PC, the version which would allow you to happily crack your own (or a ‘friends’) WEP key as you walked around surveying your wireless environment for that WEP key you just couldn’t remember….
Although the application was only about £2.50 (UK £ sterling) I did think about it very carefully and then took the leap to buying my first Android market place app. I am now so glad I did as I and a few friends who also purchased the app from the Market Place have discovered Google have removed Penetrate Free and Penetrate Pro from the Android Market Place and un-installed any free versions which users had installed. Thankfully, so far our paid versions remain intact. NOTE – If you do ever need to re-set your Android phone to the point where you have to re-install your apps, Penetrate Pro will be gone, even though you have paid for it and will not be available to download from the Google Android Market Place.
The ‘Penetrate’ application performed penetration testing on Thomson and Speedtouch routers using a well know vulnerability. However the Thomson and Speedtouch routers were not purely used by their respective manufacturers, however also used by third party organisations who re-braded the equipment to make it their own. Such as some very large UK telecommunication and internet service providers. Penetrate made use of the known vulnerability as in order for some routers to perform the initial set-up, they generate router passwords from their respective SSID’s. These SSID’s are the router names which someone will see when searching for a wireless network to connect to. Such as ‘Bob’s Wireless’ for example.
It’s reported by the author of Penetrate that the week beginning the 11th April 2011 Google removed the Penetrate app from it’s Market Place following a complaint from a telecommunications agency. No names mentioned of course. Resulting in Penetrate and all similar applications cloned from penetrate having been removed from the Google Android Market Place.
Overall, this may not be surprising in relation to legality with regards to Google ad where they would stand on the matter. However, it is quite ironic that Google, the same company which sent Google Streetview camera cars around the globe recording ‘street views’ whilst at the same time ‘unknowingly’ accessing unsecured wireless networks and downloading data from them to their street view cars………………….talk about being a hypocrite!
It would however be nice to see a different take on the Android App to what Google have hypocritically taken so far and have approached it from a perspective of only being used for one purpose, that being malicious intent. What they need to consider is the benefits of the application, similar to that of the ‘Firesheep‘ plug-in for Mozilla Firefox. Penetrate has the ability to make people aware of how in-secure WEP is for wireless security as well as the ability to be a ‘password reminder’ tool in the event someone forgets their WEP key for their network as well as of course being an ‘Ethical’ hacking tool to test security vulnerabilities and weaknesses.
Even though the app has bee removed from the Android Market Place, hopefully it will become available in both free and paid for versions via the developers website. Along with means of supporting the applications development via PayPal donations etc with the hope additional manufactures and routers will be supported over time as well as additional encryption technologies with the use of WPA password lists. Although, these would require a pretty hefty SD card to contain a functional wordlist to crack a WPA/WPA2 key…..
You can read about the creation and removal of the Penetrate application and follow it’s current open-source future via the developers blog here.
You can also follow the developer via https://twitter.com/#!/defer.