If you saw this bad boy under your desk, would you say anything?
It may look like a surge protector, but it’s really a remote access
machine that corporations can use to test security and log into branch
offices. Called the Power Pwn, it’s a stealthier version of the little box that can hack your network, which we wrote about last March.
Hidden inside are Bluetooth and Wi-Fi adapters, along with a number
of hacking and remote access tools that let security experts prod and
poke the network, and even call home to be remotely controlled via the
cellular network.
There’s a “text-to-bash” feature that lets you send commands to the
device using SMS messages. Some customers conducting penetration tests
of corporate security have been using Apple’s Siri voice-recognition
software to send these messages, says Dave Porcello, the CEO of Pwnie
Express, the company that makes the Power Pwn. “Basically, they are able
to speak pen-testing commands into their phone.”
It’s a device “you can just plug in and do a full-scale penetration
test from start to finish,” Porcello says. “The enterprise can use stuff
like this to do testing more often and more cheaply than they’re doing
it right now.”
Companies can buy the $1,295 Power Pwn and mail it out to branch
offices to do quick security tests of their remote networks, Porcello
says. About 90 percent of Pwnie Express’ customers work for corporations
or the federal government.
The device, like its Pwn Plug predecessor, comes with easy-to-use
scripts that cause it to boot up and then phone home for instructions.
“It’s pretty sturdy. You can send it through U.S. mail and you can send
it through FedEx and the setup is easy,” says Jason Malley, who works in
alarm-system maker Tyco’s security and compliance group. “This tool
really cuts down on time and expenses.”
Malley wasn’t allowed to talk about what Tyco is doing with the
devices — he’s been using them for more than a year — but he says that
they go over really well when he pulls them out in informal “lunch and
learn” demonstration sessions. “It’s actually a really great security
awareness tool,” he says, “because we can talk about things in theory.
When you pull the thing out and say it’s not theory, it definitely helps
and you notice things.”
This Power Pwn was developed with money from a new Darpa (Defense Advanced Research Projects Agency) program called Cyber Fast Track,
which is trying to jumpstart a new generation of cyber-defense tools.
“It’s kind of taking the tools that the hackers are using and putting
them in the hands of the people that need to defend against the
hackers,” Porcello says.