<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>GRM n00bs &#187; Security Musings X-Posts</title>
	<atom:link href="http://www.grmn00bs.com/category/x-posts/feed" rel="self" type="application/rss+xml" />
	<link>http://www.grmn00bs.com</link>
	<description>A blog for noobs by noobs</description>
	<lastBuildDate>Tue, 22 Jun 2010 15:44:41 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Nexus One: A New Grail for the Littlest Hack Station? (X-Post with Security Musings).</title>
		<link>http://www.grmn00bs.com/2010/01/25/nexus-one-a-new-grail-for-the-littlest-hack-station</link>
		<comments>http://www.grmn00bs.com/2010/01/25/nexus-one-a-new-grail-for-the-littlest-hack-station#comments</comments>
		<pubDate>Mon, 25 Jan 2010 18:57:13 +0000</pubDate>
		<dc:creator>Georgia</dc:creator>
				<category><![CDATA[Security Musings X-Posts]]></category>

		<guid isPermaLink="false">http://www.grmn00bs.com/?p=124</guid>
		<description><![CDATA[It&#8217;s all over the news;  Google finally has an Android to call its own.  The media is throwing around terms such as iPhone killer, but that doesn&#8217;t seem altogether likely to me.  Perhaps it will level out to a PC vs. Mac sort of scenario.  This actually sounds plausible as in ]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s all over the news; <a href="http://www.cnn.com/2010/TECH/01/05/google.nexus.announcement/index.html">Google finally has an Android to call its own</a>. The media is throwing around terms such as iPhone killer, but that doesn&#8217;t seem altogether likely to me. Perhaps it will level out to a PC vs. Mac sort of scenario. This actually sounds plausible as in my research I came across news of a project working on <a href="http://reviews.cnet.com/8301-19512_7-10186107-233.html">porting Mac OSX 7 to the iPhone</a>, and the great big thing with Android back when I got mine was running <a href="http://www.androidfanatic.com">Debian on the G1.</a></p>
<p><strong><span id="more-124"></span></strong>Specs-wise, the Nexus One looks to be the clear winner for the next littlest hack station. The Nexus One sports a 1 GHz Qualcomm processor with 512 MB of RAM. I don&#8217;t know about you, but I still have servers with those sorts of specs running my day-to-day functions. The Android G1, which has done a fine job as littlest hack station, has a 528 MHz processor with 192 MB of RAM. The thing I don&#8217;t like about the iPhone is the technical specifications page. They give me information about fingerprint-resistant, oleophobic (Microsoft Word doesn&#8217;t even think that is a word) stuff, but not a word about the processor speed or RAM. Other websites high on the Google hits quoted 600 MHz processor with 512 MB RAM for the current model 3GS. This only matters in the short term though. Smartphones are the new computers (way more than orange is the new pink), and everybody knows when you buy the cutting-edge computer it becomes obsolete on the drive home from the store. A year from now, there will be a new iPhone and, if it makes it, a Nexus One Point One.</p>
<p>While there have been things worth jailbreaking that have not been jailbroken (the GPU of the PS3 comes to mind), odds are good that if people with the know-how are interested in jailbreaking the Nexus One, they will. The iPhone was first announced in January 2007, and by August 2007 the first, albeit complicated, <a href="http://iphonejtag.blogspot.com/2007/08/full-hardware-unlock-of-iphone-done.html">unlock had been completed</a> with the first <a href="http://www.cultofmac.com/first-jailbreak-for-iphone-3gs-released-windows-only/12564">jailbreaking application</a> for 3GS appearing less than two months after the phone was announced. As for Android phones, a <a href="http://www.thetechherald.com/article.php/200846/2417/Android-moves-swiftly-to-kill-G1-jailbreak">fix</a> for a flaw that allowed users to run instructions as root in the Android operating system on the G1 was released in November of 2008, while the G1 was first released towards the end of October 2008. Work on hacking the G1 has continued with rooting applications, downgraders, custom firmware, full Debian installs, and other cool stuff. However, there seems to have been little interest in the community in working on later Android models.</p>
<p>The problem with keeping the secrets of these smartphone operating systems hidden from curious hackers forever is they are Unix-based, or in the case of iPhone OS, Mac OS-based, which is in turn Unix-based, and hackers built Unix. While manufacturers may not be down with hackers using the full capacity of their devices, it&#8217;s just a fact of life. With enough community interest and talented minds, it seems inevitable that the full power of the Nexus One will be available to us in the near future.</p>
<p>With more hype behind Android, it is likely there will be at least some converts from the kingdom of iPhone to the Republic of Android. One thing the Android Market has going for it is freedom for developers. There has been much woe from all sides pertaining to Apple&#8217;s requirement that all apps, including updated versions of existing apps, go through the lengthy approval process. While it is a deft argument that this process actually helps to protect users from security breaches by reviewing apps for potential malware, iPhone could also be dubbed a security killer. What happens when a popular application is found to have a major security flaw in the code? The developers cooperate with researchers and fix the problem, but then the updated version sits in the approval queue while malicious attackers exploit the vulnerability. Many developers, including some security-conscious types, will no doubt see the appeal of Android&#8217;s open market, resulting in more apps for Nexus One.</p>
<p>There&#8217;s no doubt that the Android G1 is an enjoyable little hack station. &#8220;Is she texting, or is she reading all your web traffic?&#8221; is a worthwhile question if you are connected to a public access point.   More information on becoming Starbucks Wi-Fi is <a href="http://www.grmn00bs.com/2009/06/13/guest-tutorial-rooted-g1-access-point">here</a>.  (Disclaimer: Only with permission, never for evil, proof of concept, etc. etc. etc.)  With additional interest and hours from the community to integrate the hardware with available tools, the sky is the limit.   So, is the Nexus One an &#8220;iPhone killer?&#8221;  Probably not.  However, it is in a good position to have a solid foothold in the smartphone market and be a fun tool for hackers.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.grmn00bs.com/2010/01/25/nexus-one-a-new-grail-for-the-littlest-hack-station/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Backtrack 4: The big cheese (X-posted with Security Musings)</title>
		<link>http://www.grmn00bs.com/2010/01/25/backtrack-4-the-big-cheese</link>
		<comments>http://www.grmn00bs.com/2010/01/25/backtrack-4-the-big-cheese#comments</comments>
		<pubDate>Mon, 25 Jan 2010 18:15:39 +0000</pubDate>
		<dc:creator>Georgia</dc:creator>
				<category><![CDATA[Security Musings X-Posts]]></category>

		<guid isPermaLink="false">http://www.grmn00bs.com/?p=122</guid>
		<description><![CDATA[It&#8217;s the news the penetration testers have all been long awaiting; Backtrack 4 final is here and now. Though many people, myself included, have been using various pre-release, beta release, and pre-final release flavors for almost a year now ever since first standing in line to hand over my USB stick to a group ]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s the news the penetration testers have all been long awaiting; <a href="http://www.backtrack-linux.org/">Backtrack 4</a> final is here and now. Though many people, myself included, have been using various pre-release, beta release, and pre-final release flavors for almost a year now ever since first standing in line to hand over my USB stick to a group of elite hackers at <a href="http://www.shmoocon.org/">Shmoocon</a> 5, now there is no excuse. The final release is just in time for Hack or Halo at Shmoocon 6, saving me the trouble of making sure to update every tool I might possibly need before the big event.</p>
<p>So why does Backtrack rock in general?  It&#8217;s basically most of the tools you will need for your pentest all rolled into one and set up nicely.  I say most because it doesn&#8217;t have your commercial tools such as Nessus built in for obvious reasons, though it is possible to integrate your licensed Nessus into your Backtrack install.  Ever been setting up Dradis for your first big pentesting gig at a new company on a recently imaged box?  You&#8217;ve got your ruby prerequisites (rubydev, opensslruby, etc.), various gardening tools, SQLite, diamonds, garnets, and opals.  At some point in the process of getting it all integrated, even your technically savvy individual may find himself ruing the day he decided it was a good idea to wait until the night before to build the pentest box.  In Backtrack it goes like this:<br />
root@bt4: cd /pentest/misc/dradis/server<br />
root@bt4: ruby ./script/server<br />
Done.</p>
<p>So why upgrade to Backtrack 4? First off, there&#8217;s the obvious perk of having the newest versions of all your favorite tools and some you&#8217;ve had on your list to check out for a while now. It also includes some new tools that have been developed in the interim since Backtrack 3 came out way back in summer of 2008, saving you the trouble of those pesky installs and svn checkouts. A great new tool that&#8217;s making its Backtrack debut on the final release of Backtrack 4 is ReL1K&#8217;s <a href="http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29">social engineering toolkit (SET)</a>. Additionally, Backtrack 4 is Ubuntu-based rather than Slackware-based. While Backtrack 3 was great, your Ubuntu-based system has its perks as far as driver integration goes. As more and more people move from just the Live-CD Backtrack approach to using Backtrack as the base operating system on their pentesting boxes, this can only be a step in the right direction. Speaking of installation, Backtrack 4 final has an installation script that looks a lot like the GUI-based point-and-click installation wizards seen in systems such as Ubuntu, resulting in a more hands-off approach than <a href="http://www.grmn00bs.com/2009/06/14/the-littlest-hack-station-part-2-persistent-changes-and-drivers-bt3-eee">persistent changes in Backtrack 3</a>.</p>
<p>The only drawback with Backtrack 4 as-is that I can think of would be trying to write up your reports in Backtrack. Let&#8217;s not get into any holy war between writing in vi or nano, and suffice it to say it&#8217;s not easy. Backtrack 4 does come with Emacs, and some included tools such as <a href="http://www.paterva.com/web4/index.php/maltego">Maltego</a> make some pretty graphs. Plus, you can install OpenOffice on Backtrack, so it&#8217;s not that big of a drawback after all.<br />
All in all, Backtrack 4 is the bomb, and if you haven&#8217;t jumped on the bandwagon, my advice is to get to it.</p>
<p>Georgia</p>
]]></content:encoded>
			<wfw:commentRss>http://www.grmn00bs.com/2010/01/25/backtrack-4-the-big-cheese/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
