woensdag 3 februari 2010

WifiAudit 1.0 for iPhone

WifiAudit is an iPhone application that helps you test the security of some specific wireless access points. It currently audits wireless a
ccess points produced by Thomson (also Speedtouch).
Eircom audit functionality will follow shortly.

Enter the last six characters (octets) from the Wifi SID and press the calculate button to see if the security key can be calculated.
If no key's show up, try broadening the yearspan (a broader yearspan will take longer to calculate).

Tap on a generated key to copy it to the
clipboard. Then open the settings app, connect to the Wifi network and paste the WEP key into the security settings to see if the key is valid.

Version 1.0 has been submitted to Apple for Review.


2 opmerkingen:

  1. Well that was not so unexpected....
    Apple rejected this version if WifiAudit saying:

    "We've reviewed WifiAudit and determined that we cannot post this version of your application to the App Store at this time because it can be used to facilitate illegal activity."

    They continue:

    "If you believe you can make the necessary modifications to bring your application in compliance with iPhone Software License Agreement, we encourage you to do so and resubmit it for review."

    Hmm, lets see how that would work.......
    I'm afraid not. Oh well, it was worth a try.

  2. I have contacted Apple to try to persuade them into rethinking their decision.
    Here's most of the email:

    "Dear iPhone App Review Team,

    I don't agree that this app is intended to be used to facilitate illegal activity. It's a security auditing tool which uses well known procedures that are readily available on the internet to make a point about someones network.
    It can be very helpful in a discussion about network security as giving examples often makes points that much clearer than talking about possible threats.
    Security issues are often hard to explain to someone that is not technically inclined, so showing the problem first hand is very effective.

    Showing the problem on an iPhone makes it that much clearer as it proves it doesn't need a supercomputer to calculate possible keys.

    The app is available in many forms on the internet, this iPhone version is just one more.

    Please reconsider your rejection or tell me what would be needed for you to accept the app into the app store."

    So far no reaction.

    What's funny is that they did not realize that an app that is intended to gain access illegally, would not have ad banners in it. The banners would only work _after_ the access is gained. Therefor it can not be intended to be used for illegal activity. Q.E.D.