Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video)

Posted by Roblimo on from the monitor-your-people-without-them-ever-finding-out dept.

Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.

5 of 74 comments (clear)

  1. Re:Pwnie Express by miknix · · Score: 5, Funny

    Okay, that's pretty cheesy. But I'll admit it did make me giggle.

    When I giggle I also get an erection. But that's probably irrelevant information.

    Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

  2. Shoulda used a GuruPlug Server... by nweaver · · Score: 5, Interesting

    The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.

    And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.

    --
    Test your net with Netalyzr
    1. Re:Shoulda used a GuruPlug Server... by Anonymous Coward · · Score: 4, Informative

      Guru plug has massive heat issues. We tested them extensively.

      Re: phone checkout http://pwnieexpress.com/pwn_phone.html

  3. Where's the Line? by sycodon · · Score: 4, Insightful

    In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them

    Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.

    So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network? Should it ever be considered that?

    If not, what additional software or form factor enhancements would change your mind?

    Discuss amongst yourselves.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Where's the Line? by g0bshiTe · · Score: 4, Insightful

      The problem is that this needs to be plugged in physically. So you would need a patsy to plug it in or physical access. On the other hand by your thinking since I can carry a usb stick with the same toolset it should be illegal as well, but since usb sticks have legitimate uses they are allowed, how would one know it was a nefarious hacking tool, without violating my privacy by asking me to expose the data it contained?

      Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.

      --
      I am Bennett Haselton! I am Bennett Haselton!