— Spy Gear
Power Pwn: a DARPA-funded hack machine
The Power Pwn is a fully-integrated, enterprise-class penetration testing platform. A successor to the popular Pwn Plug, the device features a highly-integrated modular hardware design. Backed and funded by the Defense Research Projects Agency (DARPA), it aims to provide corporations and security-conscious individuals with a cheaper and easier means to defend themselves against hackers, by providing them with the same set of tools as their digital assailants.
With the appearance of a simple surge protector, the Power Pwn won't turn any heads, but crack open its unassuming casing and you'll find everything you need to run a full-scale security auditing software suite. The biggest draw of the device is undoubtedly its ability to perform tests remotely. A security professional can simply ship the Power Pwn to a corporate facility and gain access to the device covertly over Ethernet, wireless or 3G/GSM cell networks.
Text to bash functionality
The cellular network functionality allows users to text in bash commands via SMS. There's even the potential to take advantage of voice-recognition software such as Apple's Siri to push commands to the device.
Shipping with the Debian 6 instance of Linux, the Power Pwn aims to make comprehensive pentesting easier and cheaper for corporations and security professionals. Companies can mail the US$1,295 hardware out to their branches and conduct full-scale penetration tests of their remote networks, completely eliminating travel expenses.
A wide range of connectivity options including wireless, dual Ethernet and 3G/GSM cell networks.
There are concerns that hackers may use the device against its intended owners, but the backing and funding of DARPA should go some way to ensuring that the Power Pwn stays firmly in the hands of the good guys. To this effect, the CEO of Pwnie Express, Dave Porcello told Wired that 90 percent of the company's customers work for corporations or the federal government.
Full features and specs are as follows:
Onboard high-gain 802.11b/g/n wireless
Onboard high-gain Bluetooth (up to 1000')
120/240v AC outlets
16 GB internal disk storage
External 3G/GSM adapter
Fully-automated NAC/802.1x/RADIUS bypass
Out-of-band SSH access over 3G/GSM cell networks
Text-to-Bash: text in bash commands via SMS
Web-based administration with “Plug UI”
One-click Evil AP, stealth mode, & passive recon
Maintains persistent, covert, encrypted SSH access to your target network
Tunnels through application-aware firewalls & IPS
Supports HTTP proxies, SSH-VPN, & OpenVPN
Sends email/SMS alerts when SSH tunnels are activated
Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools and more.
Unpingable and no listening ports in stealth mode
Sources: Pwnie Express, Wired
About the Author
Chris specializes in mobile technology for Gizmag, but also likes to dabble in the latest gaming gadgets. He has a degree in Politics and Ancient History from the University of Exeter, and lives in Gloucestershire, UK. In his spare time you might find him playing music, following a variety of sports or binge watching Game of Thrones.
All articles by Chris Wood
LOL - if it's for testing, why is it disguised and bristling with stealth?
This gadget has exactly one use: industrial espionage, which was obvious in itself before they even told us who the customers were :-)
So, 90% of their customers are known corporate & federal users. And who are the other 10%? Not really, sure but the company took their money and sold stuff anyway?
Exactly what part of this is supposed to engender a sense of safety?
The most likely corporate users are going to be some of the same S%%tHeds in fine, trustworthLess industries like finance, pharmaceuticals, or Oil. The Feds are going to be folks like the A$$Ho@@s at FDA or EPA focused on hunting down employees squealing on the agency or the previously described corporations buying agency control on a rent-to-own plan.
While I cheerfully look forward to Julian Assange appearing in a Swedish court or the little Army private serving life for damaging national security I am not entirely certain there is reason to be pleased that someone can sneak into a system by just swapping out a power strip.
Over 160,000 people receive our email newsletter
See the stories that matter in your inbox every morning