[LINK] The Power Pwn Powerboard
stephen at melbpc.org.au
Sat Jul 28 22:34:18 AEST 2012
Care to buy a well-disguised DARPA 'network tester'..
http://pwnieexpress.com/products/power-pwn
"Power Strip's a Penetration Testing Tool in Disguise"
Advanced penetration testing product maker Pwnie Express has unveiled a
new tester that looks just like a power strip. (Pwnie Express is funded
by DARPA, http://www.darpa.mil)
By Richard Adhikari
LinuxInsider 07/24/12 5:00 AM PT
http://www.linuxinsider.com/rsstory/75706.html
The Power Pwn is a fully integrated enterprise-class device that can be
used over Ethernet, wireless or Bluetooth connections.
It is priced at US$1,300 and is currently available for pre-order.
The Power Pwn "is similar to a 1.2 GHz ARM-based processor running
Linux," M. Anthony Hughes, customer development manager, told
LinuxInsider. It runs well-known open source tools including Metasploit.
Pwnie Express is funded by DARPA, but Hughes declined to disclose further
details of its funding because it's a private company.
My Little Pwnie
The Power Pwn has fully functional 120/240v AC sockets. It comes with 16
GB of internal disk storage and onboard dual-Ethernet ports. It can be
used with high-gain 802.11b/g/n wireless services or with high-gain
Bluetooth, the latter at a range of up to 1,000 feet.
It also has a fully automated NAC/802.1x RADIUS bypass; out-of-band SSH
access over 3G and GSM cell networks; and an unlocked external 3G/GSM
adapter. The 3G/GSM adapter is compatible with SIM cards from AT&T,
Vodafone, Orange and GSM carriers in more than 160 countries.
Users can text in Bash commands through SMS.
The Power Pwn maintains persistent, covert, encrypted SSH access to
target networks.
It tunnels through application-aware firewalls and intrusion-prevention
systems. It supports HTTP proxies and SSH-VPN. It is said to be
unpingable, and it has no listening ports in stealth mode.
The Power Pwn comes preloaded with Debian 6, Metasploit, SET, Fast-Track,
Aircrack and other tools.
"The tools on it are all open source, well known tools," Pwnie Express'
Hughes said.
The Power Pwn has a graphical user interface (GUI) that's used to
configure it to a qualified domain name or a public IP address on a
receiver station, either over Ethernet or wireless or 3G. It can be
managed over the UI or through a command line, Hughes said.
A Double-Edged Sword
Once the Power Pwn is deployed, if it engages network access control and
runs in stealth mode, it is essentially undetectable, "but we would hope
that people would be able to walk around, look around, and question
things in the environment," said Hughes. User education is key.
That difficulty of detection makes the Power Pwn a two-edged sword and
has raised fears about its being a useful tool for hackers.
"It is a tool meant for legitimate pen testers, obviously," Bob Walder,
chief research officer at NSS Labs, told LinuxInsider. But if it's
surreptitiously installed for malicious purposes, it "could provide
access to the corporate network from outside the building."
"The comment about the product getting in the wrong hands or someone
using it for malicious purposes is something we hear a lot," Hughes
sighed.
On the other hand, "virtually any technology that can be used for good
can be used for bad," Randy Abrams, research director at NSS Labs,
pointed out. "The device is not the threat -- the existing
vulnerabilities are the threat."
Tracking the Pwnie
While clever installation will minimize the risk that the Power Pwn will
be discovered, it's not quite invisible, NSS Labs' Walder said. "Good
monitoring or SIEM tools will provide an indication that something bad's
happening on the corporate network and allow detection or blocking or
remediation of its actions."
At the very least, "a high-gain Bluetooth signal will stick out like a
sore thumb if you monitor for such things," NSS Labs' Abrams told
LinuxInsider.
Still, if the use of the tool should become widespread, "companies would
theoretically be able to identify and plug vulnerabilities," Abrams
said. "This would make the hacker's job more difficult, but not
impossible. Security is risk management, not risk
elimination."