Power Strip's a Penetration Testing Tool in Disguise
Once the Power Pwn is deployed, if it engages network access control and runs in stealth mode, it is essentially undetectable, "but we would hope that people would be able to walk around, look around, and question things in the environment," said M. Anthony Hughes, customer development manager at Pwnie Express. That difficulty of detection has raised fears about its being a useful tool for hackers.
07/24/12 5:00 AM PT
Advanced penetration testing product maker Pwnie Express has unveiled a new tester that looks just like a power strip.
The Power Pwn is a fully integrated enterprise-class device that can be used over Ethernet, wireless or Bluetooth connections.
It is priced at US$1,300 and is currently available for pre-order.
The Power Pwn "is similar to a 1.2 GHz ARM-based processor running Linux," M. Anthony Hughes, customer development manager, told LinuxInsider. It runs well-known open source tools including Metasploit.
Pwnie Express is funded by DARPA, but Hughes declined to disclose further details of its funding because it's a private company.
My Little Pwnie
The Power Pwn has fully functional 120/240 V AC sockets. It comes with 16 GB of internal disk storage and onboard dual Ethernet ports. It can be used with high-gain 802.11b/g/n wireless or with high-gain Bluetooth, the latter at a range of up to 1,000 feet.
It also has a fully automated NAC/802.1x RADIUS bypass; out-of-band SSH access over 3G and GSM cell networks; and an unlocked external 3G/GSM adapter. The 3G/GSM adapter is compatible with SIM cards from AT&T, Vodafone, Orange and GSM carriers in more than 160 countries.
The Power Pwn maintains persistent, covert, encrypted SSH access to target networks.
It tunnels through application-aware firewalls and intrusion-prevention systems. It supports HTTP proxies and SSH-VPN. It is said to be unpingable, and it has no listening ports in stealth mode.
The Power Pwn comes preloaded with Debian 6, Metasploit, SET, Fast-Track, Aircrack and other tools.
"The tools on it are all open source, well known tools," Pwnie Express' Hughes said.
The Power Pwn has a graphical user interface (GUI) used to point it at a receiver station, identified by a fully qualified domain name or a public IP address, over Ethernet, wireless or 3G. It can be managed through the UI or through a command line, Hughes said.
A Double-Edged Sword
Once the Power Pwn is deployed, if it engages network access control and runs in stealth mode, it is essentially undetectable, "but we would hope that people would be able to walk around, look around, and question things in the environment," said Hughes. User education is key.
That difficulty of detection makes the Power Pwn a double-edged sword and has raised fears about its being a useful tool for hackers.
"It is a tool meant for legitimate pen testers, obviously," Bob Walder, chief research officer at NSS Labs, told LinuxInsider. But if it's surreptitiously installed for malicious purposes, it "could provide access to the corporate network from outside the building."
"The comment about the product getting in the wrong hands or someone using it for malicious purposes is something we hear a lot," Hughes sighed.
On the other hand, "virtually any technology that can be used for good can be used for bad," Randy Abrams, research director at NSS Labs, pointed out. "The device is not the threat -- the existing vulnerabilities are the threat."
Tracking the Pwnie
While clever installation will minimize the risk that the Power Pwn will be discovered, it's not quite invisible, NSS Labs' Walder said. "Good monitoring or SIEM tools will provide an indication that something bad's happening on the corporate network and allow detection or blocking or remediation of its actions."
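One way to get that kind of indication from proxy logs, as an added example that is not from the article or from Pwnie Express: the device keeps a persistent outbound encrypted channel and can ride through an HTTP proxy, so a long-lived, low-volume CONNECT session from a host missing from the asset inventory is worth an alert. The log layout, thresholds, addresses and inventory below are constructed assumptions, not any product's real output.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (Squid-like layout, assumed):
# epoch_ms duration_ms client_ip method host:port status bytes_sent
PROXY_LOG = """\
1343116800000 412 10.0.5.23 CONNECT www.example.com:443 200 18320
1343116801000 7200000 10.0.5.77 CONNECT cdn.example.net:443 200 9100
1343116802000 355 10.0.5.23 CONNECT mail.example.com:443 200 45211
1343116803000 6900000 10.0.5.77 CONNECT cdn.example.net:443 200 8700
1343116804000 5400000 10.0.5.41 CONNECT updates.example.org:443 200 2200000
1343116805000 3700000 10.0.5.23 CONNECT meet.example.com:443 200 41000
"""
# Constructed asset inventory: IPs assigned to known, managed devices.
KNOWN_HOSTS = {"10.0.5.23"}

LINE_RE = re.compile(r"^(\d+) (\d+) (\S+) CONNECT (\S+) (\d{3}) (\d+)$")

def parse_connects(text):
    """Yield (client, duration_s, target, bytes_sent) for each CONNECT line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(3), int(m.group(2)) / 1000.0, m.group(4), int(m.group(6))

def find_persistent_tunnels(text, known_hosts, min_duration_s=3600, max_bytes=65536):
    """Return {client: sorted targets} for CONNECT sessions that stay open at
    least min_duration_s while moving at most max_bytes (a control channel,
    not a bulk download) from a client that is not a known asset."""
    hits = defaultdict(set)
    for client, duration_s, target, nbytes in parse_connects(text):
        if client in known_hosts:
            continue  # managed device; some of these legitimately hold long sessions
        if duration_s >= min_duration_s and nbytes <= max_bytes:
            hits[client].add(target)
    return {client: sorted(targets) for client, targets in hits.items()}

if __name__ == "__main__":
    for client, targets in find_persistent_tunnels(PROXY_LOG, KNOWN_HOSTS).items():
        print(f"unknown host {client} holds long-lived low-volume tunnel(s) to {', '.join(targets)}")
```

The byte threshold separates a quiet control channel from a legitimate long download, and the inventory check keeps managed hosts with long sessions out of the alert; both are tuned per environment.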
At the very least, "a high-gain Bluetooth signal will stick out like a sore thumb if you monitor for such things," NSS Labs' Abrams told LinuxInsider.
Still, if the use of the tool should become widespread, "companies would theoretically be able to identify and plug vulnerabilities," Abrams said. "This would make the hacker's job more difficult, but not impossible. Security is risk management, not risk elimination."