Jump to content
Nytro

Power Pwn: This DARPA-funded power strip will hack your network

Recommended Posts

Posted

[h=1]Power Pwn: This DARPA-funded power strip will hack your network[/h]Summary: The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make sure to ask if it's supposed to be there.

By Emil Protalinski for Zero Day | July 22, 2012

powerpwn.jpg The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye.

The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network.

So what do you get after you drop more than a grand for the device? Check out the list of features:

  • Onboard high-gain 802.11b/g/n wireless.
  • Onboard high-gain Bluetooth (up to 1000').
  • Onboard dual-Ethernet.
  • Fully functional 120/240v AC outlets!.
  • Includes 16GB internal disk storage.
  • Includes external 3G/GSM adapter.
  • Includes all release 1.1 features.
  • Fully-automated NAC/802.1x/RADIUS bypass.
  • Out-of-band SSH access over 3G/GSM cell networks!.
  • Text-to-Bash: text in bash commands via SMS! .
  • Simple web-based administration with "Plug UI".
  • One-click Evil AP, stealth mode, & passive recon.
  • Maintains persistent, covert, encrypted SSH access to your target network [Details].
  • Tunnels through application-aware firewalls & IPS.
  • Supports HTTP proxies, SSH-VPN, & OpenVPN.
  • Sends email/SMS alerts when SSH tunnels are activated.
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more.
  • Unpingable and no listening ports in stealth mode.

To summarize that for you, the Power Pwn can launch remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks to identify network weaknesses. You can send commands via a convenient Web interface, accessible through the unit's built-in 3G radio, or directly to the device via text message. In fact, if you're feeling really lazy, you can use Apple's Siri voice-recognition software to send it instructions.

It's something "you can just plug in and do a full-scale penetration test from start to finish," Pwnie Express CEO Dave Porcello told Wired. "The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now."

He also said 90 percent of the company's clients are commercial or federal organizations. What's the other 10 percent? That's what you should be worried about.

The good news is you still have time to get the word out. The Power Pwn is currently available for pre-order, but its estimated ship date is September 30, 2012.

Sursa: Power Pwn: This DARPA-funded power strip will hack your network | ZDNet

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...