Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video) 74

Posted by Roblimo
from the monitor-your-people-without-them-ever-finding-out dept.
Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.
This discussion has been archived. No new comments can be posted.

Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video)

Comments Filter:
  • is pretty intentional!

  • by nweaver (113078) on Thursday March 01, 2012 @10:47AM (#39208263) Homepage

    The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.

    And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.

    • by Anonymous Coward on Thursday March 01, 2012 @11:11AM (#39208569)

      Guru plug has massive heat issues. We tested them extensively.

      Re: phone checkout http://pwnieexpress.com/pwn_phone.html

    • Re: (Score:3, Informative)

      by timothy (36799) * Works for Slashdot

      Internal would be cooler, I agree, but (sorry, it didn't make the video), the Pwnie Express works with both Wi-Fi and 3G dongles. (Not as stealthy, but this is already big enough it wouldn't exactly disappear without camouflage anyhow ;))


    • Yes, and "if found" ALL the incoming connections can be backtracked! You should only contact the device from an anonymous number!

    • by operagost (62405)
      And that's why we built a Faraday cage around our mail room. Unfortunately, someone sent us an iPhone with a Sony battery and it burned the place down.
  • He didn't say anything about the coveted self-destruct button. > : )
  • Every computer sold in North America, ever.

    • Just try plugging a Cray-1 into a 110 line. It'll pull 115 kW with the memory maxed out. That would be over 1000 amps on a 110 line.
  • Where's the Line? (Score:5, Insightful)

    by sycodon (149926) on Thursday March 01, 2012 @10:59AM (#39208441)

    In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them

    Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.

    So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network? Should it ever be considered that?

    If not, what additional software or form factor enhancements would change your mind?

    Discuss amongst yourselves.

    • by g0bshiTe (596213) on Thursday March 01, 2012 @11:07AM (#39208531)
      The problem is that this needs to be plugged in physically. So you would need a patsy to plug it in or physical access. On the other hand by your thinking since I can carry a usb stick with the same toolset it should be illegal as well, but since usb sticks have legitimate uses they are allowed, how would one know it was a nefarious hacking tool, without violating my privacy by asking me to expose the data it contained?

      Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.
      • by sycodon (149926)

        I was actually thinking about the utility provided by having the OS installed an operable on such a device.

        But your point is still valid because you can't know what's on the device without looking in a manner that is far more intrusive than just checking out the back seat of a car.


      • by Jawnn (445279)
        Context, as in the role of those possessing lock-picks and slim-jims, is everything. The locksmith or the tow-truck driver (whom AAA sends when I lock my keys in the car), has a perfectly legit reason to carry those tools. Same goes for things like nmap or nikto.
      • by HTH NE1 (675604)

        So you would need a patsy to plug it in or physical access.

        That would be easier if it doubled as a USB charger.

    • by Mister Whirly (964219) on Thursday March 01, 2012 @12:16PM (#39209701) Homepage

      At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network?

      The moment it is actually used to illegally break into a network, and never before it happens. Devices themselves have no intent and therefore cannot be "evil" until put to an "evil" use. If you have permission to do testing, using a device like this can be a great tool.

    • So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network?

      When a crime is committed. Until then, no laws have been broken. As much as our government would like to think that they can prevent crimes by banning items that could be used in a crime, until a crime is committed they are infringing on the rights of the Americans in question.

      I know that's not how it works in real life. I understand (although disagree) with that line of thinking...I'm just one of those that believes that until a crime is committed, you don't have a criminal.

      • by operagost (62405)
        Please let the radical gun control advocates know.
        • Yeah, well, if the world were mine to control it would be a vastly different place. There are a whole lot of people that could benefit from understanding the difference between a criminal act and an object, but obviously our Public School system is failing in the areas of logic and reason (among others).
  • Oblig (Score:4, Funny)

    by g0bshiTe (596213) on Thursday March 01, 2012 @11:02AM (#39208477)
    ZoMg pWniez
  • by Joe_Dragon (2206452) on Thursday March 01, 2012 @11:04AM (#39208507)

    Stick one to the side of a big pirnter / copier maybe put a HP sticker or some vender sticker on it and it can blend in. Even better if you have one with duel Ethernet ports on it.

  • Good luck explaining to the corporate suites what a "pwn" is.

    • by Sez Zero (586611)

      Good luck explaining to the corporate suites what a "pwn" is.

      Luckily I don't have to justify my purchases to a type of hotel room or musical piece

      But if my boss did wear a suit, I'm probably say something like "Professional Wireless Network". "Pro Whiteboard Notes" and "insert PHB catch-phrase buzzword here" would probably also work.

  • I have them on my house. Most businesses have them outside their doors. How easy would it be to just walk up to a building you want to crack....how many banks have wifi that touches the "real" network? How many of those have outlets in the lobby area or on the exterior of the building that's close enough for wifi? The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...
    • by PPH (736903)

      Parking lot. Car. Laptop plugged into auto's 12V.

      This does nothing that can't be done with current tech. Other than hang around for a few days while the suspicious vehicle parked overnight gets towed.

      • by kannibul (534777)
        Agreed, just a car is a bit 'bigger' than a wall-wart sized device that does the same thing.
  • by ajlitt (19055)

    I was more amused by the slogan of the next booth over in the video, "Security at the speed of Innovation". What the hell does that even mean?

  • The MiniPwner is a similar device built on a TP Link TL-Wr703N router, so you can build one for under $40. http://www.minipwner.com/ [minipwner.com]

    Also Hak5 has had their Wifi Pineapple available for a few years that is similar, however their MarkIV version which should come out really soon I think will trump both the Pwnie Express and the MiniPwner. http://hakshop.myshopify.com/products/wifi-pineapple [myshopify.com]

Doubt is not a pleasant condition, but certainty is absurd. - Voltaire