The DARPA-Funded Power Strip That Will Hack Your Network

An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."

O RLY

Omg Pwnies!

Re:O RLY

[Tastecicles]

mod funny, that made me pee a little.

Re:O RLY

The developing company is called Pawnie Express...

Re:O RLY

Omg Pwnies!

If you can't afford 1295 bits for the DARPA power bar, why not try this keyboard from EQI?

Can't do everything...

[MiniMike]

it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks.
Might be somewhat impressive, but it can't get first post!

Re:Can't do everything...

Only the first line was supposed to be in quotes. I know, the power strip wouldn't have screwed that up...

Re:Can't do everything...

[camperslo]

Would you be impressed if it fits in your electric meter?

Re:Can't do everything...

[davidwr]

Would you be impressed if it fits in your electric meter?

No, but I wouldn't be surprised if it IS my electric meter.

What About Armament?

Does it come preloaded with assault riffles and explosives?

Re:What About Armament?

Or solitaire? Or Angry Birds at least???

Re:What About Armament?

[Z00L00K]

You can probably get that version too on custom order.

Make it as a...

[Lisias]

Make it as a dildo, and I'll be really worried at the work.

(They're screwing us big time int last months...)

Re:Make it as a...

Is that what people mean when they say it's an inside job?

Re:Make it as a...

No, the official term is "penetration test".

Re:Make it as a...

Well, with enough force anything is penetrable, right?

Re:Make it as a...

[sumdumass]

sadly, ignorance and political bias seems to be the exception to that rule at times. All throughout history, people have been trying to pound some sense into both categories and generally failed.

Re:Make it as a...

[Lisias]

+1 insightful, please.

There is a perfectly logical explanation

[Tastecicles]

...for the appearance of this device.

Part of a penetration test should be, and I don't think I need to remind those who are active in the cybersecurity industry of this(!), creating hacking devices that look as if they're part of the furniture - like they're supposed to be there.

Discuss.

Re:There is a perfectly logical explanation

[Kenja]

Cause no one will ask "why does the power strip have USB host ports?".

Re:There is a perfectly logical explanation

[darkain]

Why would they? Newer power strips have "USB Charging Ports" for cell phones and other gadgets, so you don't need to waste a normal outlet on them.

Re:There is a perfectly logical explanation

[ericloewe]

Ethernet also passes as surge protection for telephone/network cables.

Re:There is a perfectly logical explanation

Many BOFH's have a common AM Radio in the comms room - where you are not supposed to go in with a mobile (or a can of Coke - not good around backup tapes). If this thing has an inbuilt phone I will hear the mobile cackle on my radio, and the jigs up.
But it has hope - don't think we have corporate asset numbers on power boards yet, so it may get swapped out for a $10 Bog*Mart
variety.

Re:There is a perfectly logical explanation

[betterunixthanunix]

To best honest, when I first saw that, I thought, "Hm, that's a strange looking UPS." Not that that would make it out of place in my office...

Re:There is a perfectly logical explanation

[MiniMike]

Yes, but how how long until some manufacturer starts advertising "wi-fi surge protection" on their power strips?

Re:There is a perfectly logical explanation

[__aaltlg1547]

Sure they do.

Re:There is a perfectly logical explanation

[Tastecicles]

When I have been around data installations, everything got marked and recorded - component boards, memory sticks, hard drives, cabinets, power strips, UPS bricks, cables, even down to any piece of plastic that could potentially house a small bug (such as three pin plugs, notwithstanding the fact that I insisted on using plugs that were moulded to the cable at both ends). During the regular hardware audits, every device, cable and connector was checked against the catalogue. Anything that didn't match up was ripped out immediately and replaced with a known quantity.

If I didn't install it, it didn't belong.

Re:There is a perfectly logical explanation

From the article:

"He also said 90 percent of the company's clients are commercial or federal organizations. What's the other 10 percent? That's what you should be worried about."

No, actually it's the 100 percent that you should be worried about.

Those who trade liberty for security deserve neither. -Benjamin Franklin

Re:There is a perfectly logical explanation

[ericloewe]

I think we're there: http://www.monstercable.com/productdisplay.asp?pin=2353

"Optically aligned"? Sounds almost as bad as their previous pitch of "Gold-plated optical cables".

Re:There is a perfectly logical explanation

[ericloewe]

Paint it black and it looks like some low-end UPSes I've seen

Re:There is a perfectly logical explanation

[skids]

Interesting. But how do you actually hear anything on the AM radio over all those servers?

Re:There is a perfectly logical explanation

[Tastecicles]

for some reason I can't pick up any broadcast between 504-1791KHz unless I'm outside. Nottingham really is an AM black hole.

Re:There is a perfectly logical explanation

An AM radio should get anything except power-supply and logic noises. If it does by chance, it's r.f. getting rectified in the audio section. That's about as likely as it picking up UHF television. (signals roughly 1000 times the frequency of AM radio)

Re:There is a perfectly logical explanation

[Kalriath]

Depends on the mobile technology. Only GSM actually does that - WCDMA and CDMA do not. So if you have 3G inside, it fails.

Re:There is a perfectly logical explanation

[Rhys]

No power strip should be the size that thing is unless its also an integrated UPS. The oversized nature of it should be a huge tipoff. Figuring out that it was up to no good is easy too if you suspected it: plug it in to a kill-a-watt. Draws power when "off"? Time to get a hammer...

Re:There is a perfectly logical explanation

[davidwr]

The 90% that are actually using internally as a time-saving pen-test tool and with respect for legal issues (HPPA, etc.) aren't the worry.

But those in the 90% who are using it without the permission of the network-owners or those who don't take laws like HPPA into account are a worry.

For example, if HPPA allows my HR department to keep medical information about me, fine. But it does *necessarily* not allow IT or a contracted-out pen-test firm to see HR data. If the CIO or CEO wants HR to be subject to a pen-test, then those doing the pen-test need appropriate training in HPPA before the test begins so the company doesn't inadvertently (or deliberately) break any HPPA rules.

$1,295?

And how much more of my tax dollars went to developing it? I mean, I could buy a bigassed power strip like this and slap a RasPi and a 3g modem into it, and wire up the "surge protector" ports for USB and ethernet and do the same thing...for like $200...

Re:$1,295?

[Tastecicles]

cue the homebrew powerstrip hackers... oh wait.

Re:$1,295?

[microbread]

It's probably the oxygen free cabling. Who knew Monster were in the defence business?

Re:$1,295?

And it would look like a suspicious "homebrew" object, and would quickly be spotted in most offices. DARPA's version looks like a power-strip that you could buy from a store - yours probably wouldn't.

Re:$1,295?

[Osgeld]

and how much will the insurance cost to cover your 200$ shit homebrew shoebox power strip when it burns a multi-million dollar factory down.

development cost pennies, to prove you can produce the product in quantity with consistent results is what cost you genius

Re:$1,295?

You missed the part where he said he would buy a big powerstrip, gut it and put a raspberry pi inside. In other words, no it wouldn't look homebrew and it would blend right in with the work environment. He's pointing out that the government probably blew a hundred million to develop something that could be slapped together for a couple hundred in someone's garage.

Re:$1,295?

[Fjandr]

Minus the development of capital costs of mass production facilities and the engineering to make the internals readily production-capable.

There are actual issues involved in a production product which homebrew doesn't solve, but you'd never know that to read Slashdot.

Re:$1,295?

[The+Master+Control+P]

And yet while every single time someone does something interesting there's a snivelling asshole like you there to poo-pooh how "easy it would be to just...", we never, ever hear of your much cheaper yet equally effective copies of the thing in question for some reason which I just can't figure out.

Instead of being bitter and resentful towards those who actually create new things, why don't you go and invent some yourself?

Oh wait, that's like... real work and effort and thinking and shit. Back to the TeeVee it is!

Re:$1,295?

Not to mention, the thousands of dollars in FCC testing that none of the homebrew people do before they start selling products.

Re:$1,295?

[julesh]

and how much will the insurance cost to cover your 200$ shit homebrew shoebox power strip when it burns a multi-million dollar factory down.

A recent quote from an EE company that I just happen to have on my desk right now puts cost of compliance with CE & similar electrical safety rules for a short-run product (a device my client is considering installing at a few hundred of their clients' sites) at about $70 per piece. I'm convinced that this "power strip" is being manufactured in much larger quantities than that, so costs should be reduced: so again, where is the money going? It doesn't do anything innovative, plus it's had government funding for its development, so it should have had lower development costs than if one of us were to make it.

Re:$1,295?

[Osgeld]

failures go up when you make more, so tighter testing is required and thus cost more and use much more time

please come back when you have actually produced something in more than limited quantities, most limited quantities in the real world mean prototype samples

Re:$1,295?

[Dodgy+G33za]

I work for the government, and if I were ever to contract to the government to make something I would charge an arm and a leg for it because they burn a lot of time in pointless changes, process and administration. Plus they haven't got a clue and pay whatever you charge.

Re:$1,295?

[sumdumass]

Its probably got the weight down to something reasonably comparable too. After reading through to specs, they seem to have a lot of hardware features with some power behind it too. If a power strip/ surge protector weighs as much as a battery backup, someone is going to ask some questions.

Re:$1,295?

[Runaway1956]

Think about what you just said. Some cosmetic damage might make the hacked powerstrip more acceptable. Slap a shiny, new bit of equipment into an office, and it might raise a little curiosity.

Now, take a somewhat abused looking home-brew unit, and put it someplace in the same office. No curiosity, at all. Where I work, there is no shiny, pretty, new, or nice. Everything is beaten to hell and back!!

Re:$1,295?

[Runaway1956]

I know, hackers always get insurance before they embark on their activities. My local insurance agents all offer "Hacking Insurance". It even comes bundled with my homeowner's insurance, at State Farm!!

Re:$1,295?

[dontclapthrowmoney]

If a power strip/ surge protector weighs as much as a battery backup, someone is going to ask some questions.

I'd be surprised if they weren't making UPS versions of products like this also. If anything that is more likely something you'd connect to your network without questioning, for monitoring. The chance people would connect the RJ45 ports (I'm guessing these are supposed to protect against power surges) is a lot less in a corporate environment.

The first thing I thought when I saw this was how annoyed I'd be if I spend over $1000 and no-one plugged anything into any of the data ports. I'm guessing it could try to hack in wirelessly, but then they could have a put this into any device that had a constant power connection - shredder, radio, coffee maker - anything that gets left plugged in.

Re:$1,295?

[PopeRatzo]

Where I work, there is no shiny, pretty, new, or nice. Everything is beaten to hell and back!!

So maybe you don't have anything hackers are interested in.

Re:$1,295?

[PopeRatzo]

I work for the government, and if I

I commend you for having the courage to admit that in this crowd.

Re:$1,295?

[PopeRatzo]

I know, hackers always get insurance before they embark on their activities. My local insurance agents all offer "Hacking Insurance".

It's listed under the "Homepwners Policies".

Re:$1,295?

Oh wait, that's like... real work and effort and thinking and shit. Back to the TeeVee it is!

It's also overcoming the various barriers to entry in this niche market, and your success would mean turning the product into a commodity. Initial upfront investment of a fair amount of money and low rate of profit even if everything goes exactly to plan. Also only having the one product means things like paying a person to navigate all the bureaucracy for a single product, instead of at an established company where that person would work with a dozen products for the same pay.

Re:$1,295?

[ceoyoyo]

I have an uncle who runs a small company building electronic devices. He says that certification costs about $200 to get the guy to come out, but once he's there he's happy to do as many devices as you've got ready (within reason, probably).

Re:$1,295?

[ColdWetDog]

I commend you for having the courage to admit that in this crowd.

Especially with the nic "Dodgy".

Re:$1,295?

[Johann+Lau]

And how is this thing new, or useful? I guess answering that would be too much "real work and effort and thinking and shit" -- ?

Re:$1,295?

[Endlisnis]

You seem to have forgotten one essential part. Software. You can't just throw hardware together and have it magically know what you want it to do. It probably took man-years to write the software in this thing. If you *really* think you can do it for $200, I would suggest that you do it. This is not an iPhone. The market for this type of thing is not in the millions of units. It's in the thousands, which is another reason why they mark it up so much. Do you really think it costs them $1300 to make this thing? I suspect it's closer to $300 and then $1000 in profit to pay for the development costs.

Re:$1,295?

Bullshit, everything they have already exists within linux. They probably ripped off Jasager and tossed in some other php cli commands to build a webui, but otherwise you configure it and you're done.

Re:$1,295?

[Kalriath]

Simple answer? Plug a printer (preferably one of those copier monstrosities) into one of the data ports. Noone would bat an eyelid at sticking a $3000 printer on a "surge protector" so you'd probably get away with it.

Re:$1,295?

[Kalriath]

Your second part about not having a clue is incorrect. I also work in Government, and I can say that the reason is that there is a mentality of "it's only money" which basically means they don't bat an eyelid at spending millions of dollars on pointless consultation and analysis, only to run out of money to implement recommendations.

And that's not all- to the procurement people, it's not just "only money" it's someone else's money. Plus they get brownie points for pushing down costs so vendors intentionally inflate their costs to cover it.

That looks nothing like a power strip

You couldn't possibly mistake it for a real power strip, like these.

Re:That looks nothing like a power strip

[Zontar+The+Mindless]

Oh, really? Guess you've never seen a surge-suppressing power strip with sockets for phone and Ethernet to protect those lines as well?

Looks to me almost exactly like the one I used when I still lived in the States.

Re:That looks nothing like a power strip

[Osgeld]

it looks similar to the ones we have at my work, IE: not bought in a 4 pack for 9.99 at k-mart, which do dick shit nothing against surges

Re:That looks nothing like a power strip

[Tastecicles]

I use UPS bricks that come with suppressor circuits for ethernet/RJ11 and USB (they also supply power for USB). Very handy pieces of kit, and the batteries are fairly easily replaced as well. So no, the plethora of different connectors is nothing new for me (I used to sell the things as well).

Re:That looks nothing like a power strip

[ColdWetDog]

Looks to me almost exactly like the one I used when I still lived in the States.

And you still think those things were just surge suppressors, eh?

Re:That looks nothing like a power strip

[pnutjam]

UPS's smooth power and provide some surge protection. However, the only real value in any surge protector is the extra outlets, and the insurance that will replace your equipment after a surge destroys it. Most good brands list their policy on the side of the box.

EMF interference

This thing should be relatively easy to find even in "stealth mode." Grab an RF meter and go to town.

Re:EMF interference

[Zontar+The+Mindless]

Grab an RF meter and go to town.

Right.

And just how many network admins do you know who actually keep one of those around?

I'd ask ours where he keeps his (assuming he even has one), but he's on vacation until mid-August, and his stand-in works in a different building in another part of town.

I think even you can see where I'm going with this... :)

Re:EMF interference

[Osgeld]

its 2012, wifi and bluetooth? What admin wouldnt want to have one around, they cost less than guessing where the dead zones are

Re:EMF interference

[Tastecicles]

for wifi, I have a t-shirt. If I come across an unexpected signal (indicated by my chest lighting up) out comes the netbook and sixty seconds later if it's a WEP node I'm in. Sooner if it's an open node.
for Bluetooth I have a nifty little custom app on my netbook that beeps every so often and logs any and all Bluetooth activity that comes into range. Oh, to have something like that on an Android phone...

A good one-size-fits-all tool I've been using for years is a wideband RF meter. This gadget uses custom 802.1x receivers to scan from 1.5GHz, through the entire 2.4GHz ISM band up to around 6GHz for wifi, Bluetooth, domestic microwave leakage, satellite transmission cones, RADAR, pretty much anything that uses this range of frequencies. It can be attenuated for most situations with a simple turning of two dials.

Re:EMF interference

Not really, if it's in actual use -- do you realize how many wall-warts these days are switching PSUs? And of those, most have no EMI shielding whatsoever.

Re:EMF interference

[julesh]

I can find wifi dead zones by wandering around with my phone. Why would I need an expensive, dedicated piece of equipment to perform the same job as one I already own?

Re:EMF interference

Any company which have assessed that they are at-risk to this sort of attack will have this sort of equipment. I work for an aerospace company and we have a kit of tools which includes an RF and EMF meter, we even have a soldering iron, multimeter, SDR and a ton of other stuff even though we're only I.T. guys.

Re:EMF interference

[ColdWetDog]

Why would I need an expensive, dedicated piece of equipment to perform the same job as one I already own?

What a very silly question.

Are you sure you're posting on the correct web site?

Re:EMF interference

[Osgeld]

then you have an RF meter, did I say expensive, dedicated piece of equipment dumbshit?

Re:EMF interference

[Tastecicles]

never mind the state of the shielding, what about the overall quality of the bricks?

Some years ago, I came across an increasingly familiar problem with eMachines systems. These things are assembled in California using Chinese components, including Bestec power supplies assembled in Taiwan. The problem with these power supplies was the capacitors. Seems that a rather large batch of them were assembled with GP bronze caps, resulting in thousands of units supplied to eMachines which had the potential to cause data loss, destruction and fire. I actually had an eMachines in for a simple software problem, that when I plugged it in - in front of the client - the power brick literally exploded inside the case (secondary effects of this included a scared witless client and a temporarily blinded tech - me). In short order of finding the pattern of the fault, I had to issue a warning and had one of my major clients put it up on his website.

Lesson here is: if you're a builder, stay the hell away from cheap power supplies, especially stay away from power supplies built with low profile caps. They are NOT designed for the kind of loads a computer PSU is put through and they are totally incapable of handling surges and spikes (which they just transmit to the secondaries). I try and stick to bricks I know, like the Corsair Builder Series or the Antec Truepower. If you're a COTS user and reading this, whip out the screwdriver and check the label on the PSU. If it says "Bestec" or "HiPro", it might be an idea to switch it out for a quality brick before you learn the hard way.

Re:EMF interference

[jroysdon]

It's really not hard to find them with Cisco gear managed by Cisco Wireless Control System. WCS will automatically triangulate them so you can physically locate them and you can even block/disable rogue APs (talk to legal before blocking/disabling Wifi APs, re:FCC & unlicensed spectrum). I've used it this last week to track down 3 rogue APs which were permanently installed by employees for personal employee use (turns out they BYOI from a WISP and then share with those who want to chip in and only use with their personal devices, not work devices). Additionally, WCS will alert if any of those "rogue" APs' MAC addresses ever show up on the Corporate network and will also track all authorized work clients to make sure they don't connect to rogue APs. It will also track and make sure non-authorized APs never use a "legitimate" SSID (disallowing any impersonation of our real APs).

I've yet to play with it, but WCS' replacement, NCS, does this as well: Rogue AP Details.

Re:EMF interference

[julesh]

then you have an RF meter, did I say expensive, dedicated piece of equipment dumbshit?

Except it won't work for this application. It can only do it for networks that have an access point broadcasting their SSID.

Made in China ?

[Taco+Cowboy]

Hopefully this strip is not made in China
 
I'm crossing my fingers
 

Re:Made in China ?

[Cryacin]

Made in North Korea?!? What the...

Re:Made in China ?

[Ashtead]

Hopefully this strip is not made in China I'm crossing my fingers

According to the link from cryptome than an AC has provided further down here, the hardware is indeed mostly made in China. What makes this US made to the satisfaction of the government is that the software that makes this thing what it is, is made in the US, replacing all the original code.

This document goes on at length about how that can be. As an EE, not a lawyer, I found the information that the "brain" is a SheevaPlug to be more interesting.

Re:Made in China ?

[Jeremiah+Cornelius]

So easy to make your own.

DARPA paid for this? It's Backtrack/Aircrack/Metasploit on a board.

Hello, Raspberry Pi!

Re:Made in China ?

[camperslo]

Your power strip looks a little damp.
Better dry it out in the microwave.

Re:Made in China ?

[metrix007]

If it is so simple, why not make a version that isn't an sell it to DARPA? Or, are you just all talk?

Re:Made in China ?

[Jeremiah+Cornelius]

I have similar... In smoke alarm housings - without the mobile phone component.

Re:Made in China ?

[Jeremiah+Cornelius]

Yeah?

I have also been worrying about that laser printer you got.

It has gig ethernet on your corp VLANs, a webserver, a JVM with hard-disk persistence - and a "cloud print" option for the Internet.

What could we do with that?

Re:Made in China ?

[camperslo]

We? None for me to share, sorry. Maybe the question should be what undocumented features may be in them already? It goes downhill from there. Most microwaves are too small for applying my joke fix, and some side effects could be expected.

We really ought to require source with everything we buy. Many products invite problems if not containing them already. We should not just enabled but encouraged to inspect, fix, and innovate.

Old tech would seem more secure, but even 25 years ago there were fruity PS printers that could be bricked by data.

While I understand governments sometimes having legitimate needs for added capabilities, I believe that the exposure of knowingly leaving unpluged if not adding numerous holes in many things for their convenience has resulted in us experiencing massive damage. Security through insecuring everything and everyone?
And then where's the transparency? An informed democracy works better. 25th out of 30 rank among modern nations in math? Dumbing down the masses is good for who exactly? Please, do away with the business people or leaders betting heavily against the U.S. from offshore operations..

Parking Lots

[guttentag]

I predict these will start showing up in corporate parking lots. "Ooh! Look, someone dropped a power strip! I've been telling my boss I need more outlets in my cubicle since he won't let me charge my phone by plugging it into the computer anymore... this will do nicely! And is that a USB stick on the ground? Oh, almost got me there. I know better than to plug that in."

Re:Parking Lots

I predict that they've been showing up in all manner of places for years now. You think $INTELLIGENCE_AGENCY has to wait until September to get these?

Re:Parking Lots

yeah, because 1200 dollar power strips have a lot in common with ~3usd USB flash drives.

Re:Parking Lots

[eWarz]

Funny you mention that, while semi computer literate folks MIGHT bring it up with their IT dept, I've seen plenty of folks blindly do crazy stuff like stick random USB sticks in their computer. We often don't find out until it's too late.

Re:Parking Lots

We had a virus ravage our network for months that we traced to an infected memory stick used to bring in pirate games. Disabling the virus was easy enough, but all the files it left on stations kept triggering antivirus alerts and thus disabling accounts. In the end we had to manually delete all the profiles from every station before we could be completly rid of it.

Re:Parking Lots

[stephanruby]

F no! For $1,295, I'm wrapping this sucker up in several layers of aluminium foil and I'm taking it home to sell on ebay. The same goes if I find any nefarious-looking device stuck on my car.

Re:Parking Lots

This $1200 power strip can be used to hack networks. The $3 usb drive can be loaded with malware to pwn the computer it is inserted in. What they have in common is that they can potentially do the same job of gaining access to sensitive data although using different means.

Re:Parking Lots

This $1200 power strip can be used to hack networks. The $3 usb drive can be loaded with malware to pwn the computer it is inserted in. What they have in common is that they can potentially do the same job of gaining access to sensitive data although using different means.

I think the point is that for the cost of one of those power strips, you could plant 400 usb drives. Unless you've got piles of cash to literally burn, nobody is going to just toss a handful of power strips into a parking lot in the hopes that somebody picks one up and plugs it in. Most people will see a power strip, figure it's toast, and toss it in the dumpster. USB sticks make people curious.

No, these are for targeted attacks, where you get physical access to a room. Say, a janitor or delivery person, office machine repair guy, or a mole planted in the regular staff, who can quickly hook one of these up without being noticed.

There is a perfectly trashy explanation

So future hacking devices should look like a wastebasket?

Re:There is a perfectly trashy explanation

[Tastecicles]

prior art: dumpster diving.

Hacking isn't all about dictionary files and bruteforce attacks, autodiallers and Ally Sheedy. :)

Re:There is a perfectly trashy explanation

[petermgreen]

the problem with a wastebasket is that it's not generally supposed to have cables going to/from it. That means you will have to run off batteries (running off batteries long term is a MAJOR PITA) and you will be limited to wireless hacks.

OTOH power strips are expected to have power and ones with communication surge protection while relatively unusual are not unheard of. This means that you can have power and network going to the "hacking device disguised as a power strip" without it looking too suspicious.

Re:There is a perfectly trashy explanation

[camperslo]

Build it into something above a waste can like a shredder. While you're at it, make a shredder that is also a scanner. Getting it to work when fed multiple sheets at once would be the and-one-more-thing feature.

deal extreme has a simpler one

A mere $40 for a GSM audio bug disguised as a power strip: http://dx.com/p/quadband-world-gsm-spy-bug-audio-transmitter-disguised-as-working-ac-power-bar-22097

It has been around for a while, so this pwn thing just sort of builds on it.

They also have one disguised as a working USB mouse: http://dx.com/wireless-triband-gsm-spy-phone-surveillance-device-as-working-usb-mouse-850-900-1800mhz-39164

and various more of the same. This shit is evil.

Seriously, is this news?

Hasn't the pwnie express wall wart version been around for well over a year now? I guess the news is that it now comes in a power strip too?

Translation

[bashibazouk]

The opposition (who ever they may be) has figured out that we were using this device. Word has gotten out. We no longer need it. You may now do with it as you wish...

Re:Translation

Let's hope that is the case.

I wouldn't put it past some journalist to have found out about this juicy project and expose it for the scoop.

Now the subsidized $50 versions we were selling in Iran, Iraq, NK, Afghanistan, and elsewhere might get checked out...

Re:Translation

[blueg3]

No, it's just recently come out. It's one of the mini-projects funded via the DARPA Cyber Fast Track, currently run by Mudge. Their list of funded projects is publicly available on their website (and updated reasonably frequently) and they encourage sharing the results of projects.

Only in America...

[dutchwhizzman]

Only in the USA, because large parts of the world use other outlets and voltages....

Re:Only in America...

[jamesh]

Only in the USA, because large parts of the world use other outlets and voltages....

Yep. The development effort to retool for 240v and Australian power sockets would be prohibitive. I guess we don't need to worry about them over here.

Re:Only in America...

[Osgeld]

it really doesn't matter, everything that plugs into this box uses switching power supplies which have a wide range of voltages

never mind the fact that commercial AC transmission standards was developed in the USA in serious scale, thus making every one else "wrong". on a side rant I never figured out why so many people outside the states stick to a 50Hz cycle rate, its just nonsense ... is there a metric second I was unaware of?

Re:Only in America...

[mirix]

Pro tip - one second / 60 = nothing. There's no unit that is a 60th of a second. If it was one hertz, and the euros were using 0.833Hz, you might have a point.

That's all besides the point anyway. NA started on DC, and when we first went to AC, it was 25Hz.

Not that any of that is related to the connector, in any way.

You poor bastards using 50/60Hz. I'm so much holier than you with my 25Hz. I AM THE ORIGINATOR OF ELECTRICS

Re:Only in America...

[sumdumass]

It says 120 or 240 volt. I guess the selection is made during checkout.

Re:Only in America...

We have different pin configurations too.

Re:Only in America...

[sumdumass]

You do realize that the US, EU, Japan, Brazil and several other countries also have different pin configurations too right?

It is probably just a matter of country specific housing covers that hold the outlets..

Re:Only in America...

[blueg3]

Pro tip: not only is it completely reasonable to declare your own units, but there is a unit that is 1/60 s: the jiffy.

Pro tip for GP: If two standards differ, neither is wrong, they're just mutually incompatible.

Re:Only in America...

[Tastecicles]

the 25/50/60/120/133/400Hz* standards were just technical compromises based on application, nothing more.

*25Hz: Niagra Project
50Hz: most of the civilised world based on generator, transformer and transmission line size limitations (pretty much)
60Hz: system developed by Lamme to suit most any HV situation
120Hz: (failed) development system (combustion engines just couldn't rotate fast enough to run this frequency)
133Hz: ditto

and then we have DC, system developed by Edison/GE. Problem with DC is that it's freakin' deadly at high voltage and/or current (110V/400A anyone?) (would cause severe muscular spasm to the point of cellular membrane failure and massive cautery), and causes wires to heat to the point of melting, hence no good whatsoever for distance transmission. Great for welding, though. Homes on Edison DC system would have had to have their own generator.

A thought: the rest rate of the human heart is around 60Hz. A harmonic electric shock at this frequency has the potential to interrupt the normal chemoelectric rhythm, causing arrest. At 50Hz the risk is lower (but not by much).

Re:Only in America...

You do realise the Chinese mains socket is compatible with the Australian mains plug? The only difference is that the Australian pins are slightly thinker, so may make it a little hard to push into the socket, (oh and they are upside down).

Re:Only in America...

[jroysdon]

I'm not an EE or anything, but Path 65 is HVDC and appears to work just fine over long distances (842mi) with a line rating of 3100MW.

Re:Only in America...

[Tastecicles]

lemme do the math...

the Pacific Intertie uses two conductors, each of which is just over 5cm diameter (including the core). The measured dissipation is around 260W/m*. Over the length of the line, 1362km, this equals a net loss through heating the wire of 354MW. The total voltage drop is 114kV. From a source output of 3.1GW, this is a 77% efficiency.

*considering this is about equivalent to solar flux (~0.15W/cm^2), that's a fairly significant loss as far as I can see.

I don't have the figures for the AC line that runs basically parallel to Path 65. I can only assume since most of the rest of the world uses AC almost exclusively for overground transmission that it's more efficient, and that Path 65 is only there to facilitate cross transmission across two unsynchronised grids.

Re:Only in America...

[jamesh]

You do realise the Chinese mains socket is compatible with the Australian mains plug? The only difference is that the Australian pins are slightly thinker, so may make it a little hard to push into the socket, (oh and they are upside down).

Never knew that. You got that my post was sarcastic though, right?

Re:Only in America...

Resting heart rate is roughly 60 beats per minute, or 1 beat per second, or 1 Hz. Of course, that varies pretty widely.

Great Buy!

[oil]

Dude, I just picked one of these up at Wal Mart.

Great for ad-hoc wifi

[MrEricSir]

Seems like this could be great for ad-hoc wifi. Hide enough tiny routers in power strips (or even light fixtures, etc) and you can spread your signal without anyone noticing.

Nasty piece of work

[kbw]

It should be a dismissable offence it bring this thing any where near where you work. You probably couldn't even trust it if it were still boxed.

Re:Nasty piece of work

[tftp]

It should be a dismissable offence it bring this thing any where near where you work.

All you need is to ship with UPS a sealed carton of ten or twenty of these devices, each in its own professionally printed box, to the maintenance department of the target company. Lowly workers, just a notch above janitors, will not be asking their bosses about such a simple item, and power strips are always needed. You can do this even if you never set foot into the country where the target company resides.

Re:Nasty piece of work

[mveloso]

Funny, I was just thinking that. Most offices I've worked in and visited are terminally hard-up for power strips. If a box of 20 of them showed up they'd get used, no questions asked...although a bunch of them might make it into people's homes.

For industrial espionage, this would be priceless. Nobody checks to see if visitors are bringing power strips. Contractors bring their own all the time. Stick it in a conference room, or better yet an executive conference room, and you're golden. Does it come with a microphone?

Is it filled with helium?

[evilviper]

I don't know how attentive the average person is, but if I picked-up a power strip and it weighed twice as much as others, I'd be very suspiscious that something was off with it (maybe something fell in?)

It would strike me as much more effective to use a device that already has a lot more heft to it, so the weight difference wouldn't be noticed.

I know the Soviets discovered several CIA bugs because things like their copiers were just a few ounces heavier than a stock model.

Re:Is it filled with helium?

I don't know how attentive the average person is, but if I picked-up a power strip and it weighed twice as much as others, I'd be very suspiscious that something was off with it (maybe something fell in?),

Or, you might think it's a high-quality well-made device, instead of the el-cheapo plastic stuff from the lowest bidder in China.

Re:Is it filled with helium?

[betterunixthanunix]

I don't know how attentive the average person is, but if I picked-up a power strip and it weighed twice as much as others, I'd be very suspiscious that something was off with it (maybe something fell in?)

Well, I said this elsewhere, but when I saw the picture I thought it could pass for a UPS -- and who is going to question a heavy UPS? You can get even nastier with a UPS, since it normal for it to be connected to a USB port or to a LAN (if my power strip were connected to a LAN, I would be a bit curious).

Re:Is it filled with helium?

[Manfre]

if my power strip were connected to a LAN, I would be a bit curious

Many power strips include surge suppression ports for RJ-11 and RJ-45.

Re:Is it filled with helium?

[mjwalshe]

But power strips with urge suppression ports for RJ-11 and RJ-45 are only for consumer use you would not see this in a structured cabling in the office setting.

Re:Is it filled with helium?

[couchslug]

"I don't know how attentive the average person is, but if I picked-up a power strip and it weighed twice as much as others, I'd be very suspiscious that something was off with it (maybe something fell in?)"

They'd think it was higher quality because it weighed more.

Ah the $1295 toilet seat syndrome ...

strikes again. Our tax dollars at work.

Includes external 3G/GSM adapter.

[Neil_Brown]

Subtle... unless it looks like a part of a power strip? A bit larger than average, fine. USB ports — getting common. USB modem sticking out of it — somewhat suspicious...

Re:Includes external 3G/GSM adapter.

[cdrudge]

Just make the adapters look like wall warts plugged into the strip...

If I see one of these at work, I *will* be worried

Being in Britain and all, if a power strip like this shows up at work, the form factor should stand out nicely from all the rugged British stuff. It would be just about as inconspicuous as someone trying to spy on you wearing a full Ninja outfit. If you can actually see either, of course.

And for the home amateur on a budget ...

[PolygamousRanchKid+]

Get one of these: http://www.asus.com/Networks/Wireless_Routers/WL330N3G/. Hack OpenWrt to fit you needs, and flash the router with that. It's small and discrete enough to go unnoticed when set up and left somewhere, like behind a curtain, plugged into a forgotten Ethernet port in a wall somewhere. Power it with one of these: http://www.philips.co.in/c/cell-phone-accessories/universal-dlm2262_97/prd/.

PDF from Cryptome

PDF- http://cryptome.org/2012/07/cbp072312.pdf

Re:PDF from Cryptome

[Ashtead]

Some interesting info there. This thing is based on the SheevaPlug hardware co-located with a power strip, with customized re-programming. An expensive wolf in sheep's clothing.

Licenses?

[AliasMarlowe]

TFA says "Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more". Which leads us to a question, since they're distributing it: are they in compliance with relevant licenses (e.g. GPL) if they have they modified any of the FOSS packages ?

Re:Licenses?

[zidium]

I certainly hope they were smart and didn't include any FOSS at all, but stuck with truly free open source software w/o encumberance, instead.

Re:Licenses?

Found of Pwnie Express here - we are indeed in compliance with all OSS, and none of the OSS packages have been modified (our value add is in the custom ruby-based web UI, automation scripts, etc.)

Re:Licenses?

[hlavac]

Can something like this be trusted? I bet it's riddled with backdoors.

Re:Licenses?

Do you realise you contradicted yourself in that single sentence?

Re:Licenses?

[Kalriath]

I believe he's taking the tack that GPL and so forth are not free as they impose restrictions (the encumbrance he refers to) in which case he appears to be saying that the only true free open source is BSD/PD and so forth

Re:Licenses?

[metrix007]

DARPA does not have to comply with any license, they just need to cite it as an issue of national security.

DARPA-funded? Really?

[goodmanj]

If, like me, you found it unlikely that DARPA would fund something like this and let you talk about it (or at least, suspected this might be a case of hacker braggadocio), check this out:

http://www.cft.usma.edu/currentProjects.htm

The Power Strip Auditor
Pwnie Express
February 2012

Aim higher than that

[swb]

Showing up in corporate parking lots?

You should be considering how and where you are going to convincingly deliver 1,000 of these devices to the top 50 banks as if they were part of the normal office supply delivery.

I recommend branch offices rather than corporate HQ. Stuff like power strips are always in short supply, and at branch offices they'd happily accept (and without any questions) an accidental delivery of 3 from the office supply company via FedEx. And at branch offices I've done work in, there's always a little more do-it-yourself IT spirit, and I can see people happily plugging the Ethernet "surge suppressor" inline with their PC.

My question is -- how many are there like this out there already? Does anyone have the pockets deep enough to send out 10,000 like this to a focused group of targets? It starts to make even a successful activation rate of 0.05% look interesting.

$1295 power strip?

[Skapare]

Only in the US government.

Who ya gonna call?

[__aaltlg1547]

Let's say I do see one of these things in the office and I take your advice that I should call somebody to find out if that thing is supposed to be there. This raises the important question of whom I should call. If it's not supposed to be there, that means that somebody, possibly one of my co-workers planted it. PROBABLY one of my co-workers planted it. Now my trust in all my coworkers is in question.

Not that it's not already in question. Maybe I should call Homeland Security. And maybe Homeland Security planted it without the knowledge of my management...

Re:Who ya gonna call?

How far do you want take this ?

Re:Who ya gonna call?

Let's say I do see one of these things in the office and I take your advice that I should call somebody to find out if that thing is supposed to be there. This raises the important question of whom I should call. If it's not supposed to be there, that means that somebody, possibly one of my co-workers planted it. PROBABLY one of my co-workers planted it. Now my trust in all my coworkers is in question.

Human sacrifice, Windows and OS X machines living together, mass hysteria!

Not that it's not already in question. Maybe I should call Homeland Security. And maybe Homeland Security planted it without the knowledge of my management...

Call the spooks? If you see one of these things, your office is already spook central! Call the Ghostbusters!

(Or do what I'd do: Take it home, because hey, free Sheevaplug! :)

Re:Who ya gonna call?

[russotto]

This raises the important question of whom I should call. If it's not supposed to be there, that means that somebody, possibly one of my co-workers planted it. PROBABLY one of my co-workers planted it. Now my trust in all my coworkers is in question.

If I find one of these things in my office, I'd call information security; if need be they can talk to physical security to figure out how it got there. If one of my co-workers planted it (and it wasn't a legitimate test, in which case I suppose blue team won), one of my co-workers is probably fired and possibly prosecuted.

If the HS planted it, they're likely not going to admit it. If they do, I suppose we'd have to give them their toy back. Though if it were my decision, I'd install a backdoor in their backdoor first.

Re:Who ya gonna call?

[PPH]

I'd just swap it with the plug strip I have in my home shop. The one I use to plug in my 120V MIG welder. If the NSA wants to listen to 'BZZZZZZZ BZZZZZZZ' all day, they are welcome to it.

Not Made in Silicon Valley

[Lawrence_Bird]

The best part of this is the company is located in Barre VT (and its not pronounced Bar!)

Easy to spot?

Perhaps. But now that it is on slashdot, alternate fascia will be available soon. Consider this the open beta =)

Huh...

[ibsteve2u]

Maybe I better take a closer look at those "smart" power strips the utility company sent me "for free". On second thought, nahhhhh.....I don't care that much. After all, I run some LAN subnets over NETGEAR® Powerline equipment; anybody who wants to nib can do it at their convenience right over the grid.

Now that's thoughtful of me; they wouldn't even have to burn the gas getting that van with the WiFi capture/decode equipment in it out here.

Now, that's cool.

I want one. And no one will question the price tag. After all, it's a DoD contract. :-)

Re:DARPA-funded? Really?

[mjwalshe]

er Guys you know there's this useful thing called secrecy - maybe Maybe William could get the Security Service and SIS to give the CIA a few helpful hints.

Re:DARPA-funded? Really?

Secrecy is very important when your tools and resources are limited. In comparison to any other country in the world, the CIA and NSA might as well have limitless resources and tools at their disposal.

blah blah blah

Amuses me that somebody was talking about hacking through the powerlines - as in using electrical lines as the medium not using something like this - bah far behind the times - still trying F&I I see or is that U&D?

Either way something undeniable starts in what 101 days or so?

..Cough..

[way2trivial]

http://unex.com.tw/wifi-surge-protection

You've all missed the most important fact

[way2trivial]

Look at the receptacle style.

US outlet. this is built for domestic use... in country-- not foreign service.

But...

Does it actually protect against power surges?

I don't think so

[uvajed_ekil]

"$1,295 tool...the perfect gizmo for nefarious purposes." Major editing there, but my point stands: too expensive to toss around.

"High-gain" = highly directional

[davidwr]

1000 feet for Bluetooth, but only in one direction, like the President's office.

Suckers.... Re:Made in China ?

[davidwr]

What makes this US made to the satisfaction of the government is that the software that makes this thing what it is, is made in the US, replacing all the original code.

That's the long-winded way of saying "We are dumb and don't think China is smart enough to put a backdoor."

2 bits, 4 bits, 6 bits, a dollar

[davidwr]

$1295 = 1295 * 8 bits = 10,360 bits.

Octal is left as an exercise to the reader.

Historical note: In US, a bit is 1/8 of a dollar, or 12 1/2 cents.

That's the aftermarket add-on :(

[davidwr]

You know, the one that plants terrorism plans on your executive's computers and then faxes an "anonymous" letter to the FBI.

I lost the address of the 3rd-party vendor, but I think it was something-something road, cave # something, something-stan.

Hackerspaces

[davidwr]

Cool, sounds like something every Hackerspace should offer a few times a year.

Do they charge extra for weekend visits?

Re:Hackerspaces

[ceoyoyo]

I suppose it depends on how much beer you buy the inspector.

Do-it-yourself insurance

[davidwr]

Do-it-yourself insurance is available, but costly.

You can get perpetual $1M liability coverage for an up-front fee of a mere million dollars.

Seriously, this exists. It's called "being self-insured" and it's what you are if you don't buy insurance from someone else.

computer power supply problems

THIS explains all the BRANDYOUMENTIONED computers we were getting at the BIGBOXELECTRONICSTORE computer repair desk I worked at some years ago.

DC?

[davidwr]

Anyone know the reason they went with DC for the entire distance, rather than use AC for the line and a short DC section or other equipment to connect otherwise-incompatible power grids?

Re:DC?

[Tastecicles]

hm... apparently DC is in fact more efficient over distances longer than about 600km... DC interties are useful because you can synchronise the grids at the DC/AC step instead of trying to adjust the phase angle between two AC grids (which is changeable depending on how stable the two grids are in relation to each other).