The DARPA-Funded Power Strip That Will Hack Your Network
An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."
Omg Pwnies!
...for the appearance of this device.
Part of a penetration test should be, and I don't think I need to remind those who are active in the cybersecurity industry of this(!), creating hacking devices that look as if they're part of the furniture - like they're supposed to be there.
Discuss.
Operation Guillotine is in effect.
Hopefully this strip is not made in China
I'm crossing my fingers
Many thanks, Mr. Edward Snowden!
I predict these will start showing up in corporate parking lots. "Ooh! Look, someone dropped a power strip! I've been telling my boss I need more outlets in my cubicle since he won't let me charge my phone by plugging it into the computer anymore... this will do nicely! And is that a USB stick on the ground? Oh, almost got me there. I know better than to plug that in."
Oh, really? Guess you've never seen a surge-suppressing power strip with sockets for phone and Ethernet to protect those lines as well?
Looks to me almost exactly like the one I used when I still lived in the States.
There is no Planet B.
Grab an RF meter and go to town.
Right.
And just how many network admins do you know who actually keep one of those around?
I'd ask ours where he keeps his (assuming he even has one), but he's on vacation until mid-August, and his stand-in works in a different building in another part of town.
I think even you can see where I'm going with this... :)
There is no Planet B.
And how much will the insurance cost to cover your 200$ shit homebrew shoebox power strip when it burns a multi-million dollar factory down?
Development cost pennies; to prove you can produce the product in quantity with consistent results is what cost you, genius.
prior art: dumpster diving.
Hacking isn't all about dictionary files and bruteforce attacks, autodiallers and Ally Sheedy. :)
Operation Guillotine is in effect.
The opposition (whoever they may be) has figured out that we were using this device. Word has gotten out. We no longer need it. You may now do with it as you wish...
Minus the development of capital costs of mass production facilities and the engineering to make the internals readily production-capable.
There are actual issues involved in a production product which homebrew doesn't solve, but you'd never know that to read Slashdot.
For wifi, I have a t-shirt. If I come across an unexpected signal (indicated by my chest lighting up) out comes the netbook and sixty seconds later if it's a WEP node I'm in. Sooner if it's an open node.
For Bluetooth I have a nifty little custom app on my netbook that beeps every so often and logs any and all Bluetooth activity that comes into range. Oh, to have something like that on an Android phone...
A good one-size-fits-all tool I've been using for years is a wideband RF meter. This gadget uses custom 802.1x receivers to scan from 1.5GHz, through the entire 2.4GHz ISM band up to around 6GHz for wifi, Bluetooth, domestic microwave leakage, satellite transmission cones, RADAR, pretty much anything that uses this range of frequencies. It can be attenuated for most situations with a simple turning of two dials.
Operation Guillotine is in effect.
And yet while every single time someone does something interesting there's a snivelling asshole like you there to poo-pooh how "easy it would be to just...", we never, ever hear of your much cheaper yet equally effective copies of the thing in question for some reason which I just can't figure out.
Instead of being bitter and resentful towards those who actually create new things, why don't you go and invent some yourself?
Oh wait, that's like... real work and effort and thinking and shit. Back to the TeeVee it is!
Only in the USA, because large parts of the world use other outlets and voltages....
Yep. The development effort to retool for 240v and Australian power sockets would be prohibitive. I guess we don't need to worry about them over here.
And how much will the insurance cost to cover your 200$ shit homebrew shoebox power strip when it burns a multi-million dollar factory down?
A recent quote from an EE company that I just happen to have on my desk right now puts cost of compliance with CE & similar electrical safety rules for a short-run product (a device my client is considering installing at a few hundred of their clients' sites) at about $70 per piece. I'm convinced that this "power strip" is being manufactured in much larger quantities than that, so costs should be reduced: so again, where is the money going? It doesn't do anything innovative, plus it's had government funding for its development, so it should have had lower development costs than if one of us were to make it.
I don't know how attentive the average person is, but if I picked up a power strip and it weighed twice as much as others, I'd be very suspicious that something was off with it (maybe something fell in?).
It would strike me as much more effective to use a device that already has a lot more heft to it, so the weight difference wouldn't be noticed.
I know the Soviets discovered several CIA bugs because things like their copiers were just a few ounces heavier than a stock model.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
It really doesn't matter, everything that plugs into this box uses switching power supplies which have a wide range of voltages.
Never mind the fact that commercial AC transmission standards were developed in the USA in serious scale, thus making everyone else "wrong". On a side rant, I never figured out why so many people outside the States stick to a 50Hz cycle rate, it's just nonsense ... is there a metric second I was unaware of?
I work for the government, and if I were ever to contract to the government to make something I would charge an arm and a leg for it because they burn a lot of time in pointless changes, process and administration. Plus they haven't got a clue and pay whatever you charge.
It should be a dismissible offence to bring this thing anywhere near where you work.
All you need is to ship with UPS a sealed carton of ten or twenty of these devices, each in its own professionally printed box, to the maintenance department of the target company. Lowly workers, just a notch above janitors, will not be asking their bosses about such a simple item, and power strips are always needed. You can do this even if you never set foot into the country where the target company resides.
Pro tip - one second / 60 = nothing. There's no unit that is a 60th of a second. If it was one hertz, and the euros were using 0.833Hz, you might have a point.
That's all beside the point anyway. NA started on DC, and when we first went to AC, it was 25Hz.
Not that any of that is related to the connector, in any way.
You poor bastards using 50/60Hz. I'm so much holier than you with my 25Hz. I AM THE ORIGINATOR OF ELECTRICS
Sent from my PDP-11
Sadly, ignorance and political bias seem to be the exception to that rule at times. All throughout history, people have been trying to pound some sense into both categories and generally failed.
Get one of these: http://www.asus.com/Networks/Wireless_Routers/WL330N3G/. Hack OpenWrt to fit your needs, and flash the router with that. It's small and discreet enough to go unnoticed when set up and left somewhere, like behind a curtain, plugged into a forgotten Ethernet port in a wall somewhere. Power it with one of these: http://www.philips.co.in/c/cell-phone-accessories/universal-dlm2262_97/prd/.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Think about what you just said. Some cosmetic damage might make the hacked powerstrip more acceptable. Slap a shiny, new bit of equipment into an office, and it might raise a little curiosity.
Now, take a somewhat abused looking home-brew unit, and put it someplace in the same office. No curiosity, at all. Where I work, there is no shiny, pretty, new, or nice. Everything is beaten to hell and back!!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
If a power strip/ surge protector weighs as much as a battery backup, someone is going to ask some questions.
I'd be surprised if they weren't making UPS versions of products like this also. If anything that is more likely something you'd connect to your network without questioning, for monitoring. The chance people would connect the RJ45 ports (I'm guessing these are supposed to protect against power surges) is a lot less in a corporate environment.
The first thing I thought when I saw this was how annoyed I'd be if I spent over $1000 and no-one plugged anything into any of the data ports. I'm guessing it could try to hack in wirelessly, but then they could have put this into any device that had a constant power connection - shredder, radio, coffee maker - anything that gets left plugged in.
Some interesting info there. This thing is based on the SheevaPlug hardware co-located with a power strip, with customized re-programming. An expensive wolf in sheep's clothing.
SIGBUS @ NO-07.308
TFA says "Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more". Which leads us to a question, since they're distributing it: are they in compliance with relevant licenses (e.g. GPL) if they have modified any of the FOSS packages?
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If, like me, you found it unlikely that DARPA would fund something like this and let you talk about it (or at least, suspected this might be a case of hacker braggadocio), check this out:
http://www.cft.usma.edu/currentProjects.htm
It's listed under the "Homepwners Policies".
You are welcome on my lawn.
Showing up in corporate parking lots?
You should be considering how and where you are going to convincingly deliver 1,000 of these devices to the top 50 banks as if they were part of the normal office supply delivery.
I recommend branch offices rather than corporate HQ. Stuff like power strips are always in short supply, and at branch offices they'd happily accept (and without any questions) an accidental delivery of 3 from the office supply company via FedEx. And at branch offices I've done work in, there's always a little more do-it-yourself IT spirit, and I can see people happily plugging the Ethernet "surge suppressor" inline with their PC.
My question is -- how many are there like this out there already? Does anyone have the pockets deep enough to send out 10,000 like this to a focused group of targets? It starts to make even a successful activation rate of 0.05% look interesting.
Why would I need an expensive, dedicated piece of equipment to perform the same job as one I already own?
What a very silly question.
Are you sure you're posting on the correct web site?
Faster! Faster! Faster would be better!
http://unex.com.tw/wifi-surge-protection
every day http://en.wikipedia.org/wiki/Special:Random