The Metasploit Project plans to add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool, a move that simplifies the way wireless drivers and devices are exploited.
The controversial open-source project, created and maintained by HD Moore, of Austin, Texas, has added a new exploit class that allows modules to send raw 802.11 frames at one of the most vulnerable parts of the operating system.
For more on this topic, see Security: The Trouble With WiFi
In recent months, there has been an increase in public awareness around the severity of wireless driver flaws. At the August 2006 Black Hat Briefings in Las Vegas, researchers David Maynor and Jon “Johnny Cache” Ellch showed off a new technique for breaking into computers via Wi-Fi driver vulnerabilities on Windows and Mac systems.
The Black Hat demo pushed several vendors—Intel, Apple and Toshiba—to release patches and prompted Microsoft to invite Ellch to its internal BlueHat security conference to explain the risks to Redmond executives and employees.
According to Moore, Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits.
Read the full story on eWEEK.com: Wi-Fi Exploits Coming to Metasploit
