Slashdot Mirror

← Back to Stories (view on slashdot.org)

The DARPA-Funded Power Strip That Will Hack Your Network

Posted by timothy on from the ok-but-how-is-it-powered? dept.

An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."

20 of 176 comments (clear)

  1. O RLY by Anonymous Coward · · Score: 5, Funny

    Omg Pwnies!

  2. There is a perfectly logical explanation by Tastecicles · · Score: 5, Insightful

    ...for the appearance of this device.

    Part of a penetration test should be, and I don't think I need to remind those who are active in the cybersecurity industry of this(!), creating hacking devices that look as if they're part of the furniture - like they're supposed to be there.

    Discuss.

    --
    Operation Guillotine is in effect.
    1. Re:There is a perfectly logical explanation by darkain · · Score: 5, Informative

      Why would they? Newer power strips have "USB Charging Ports" for cell phones and other gadgets, so you don't need to waste a normal outlet on them.

    2. Re:There is a perfectly logical explanation by Tastecicles · · Score: 5, Interesting

      When I have been around data installations, everything got marked and recorded - component boards, memory sticks, hard drives, cabinets, power strips, UPS bricks, cables, even down to any piece of plastic that could potentially house a small bug (such as three pin plugs, notwithstanding the fact that I insisted on using plugs that were moulded to the cable at both ends). During the regular hardware audits, every device, cable and connector was checked against the catalogue. Anything that didn't match up was ripped out immediately and replaced with a known quantity.

      If I didn't install it, it didn't belong.

      --
      Operation Guillotine is in effect.
  3. Made in China ? by Taco+Cowboy · · Score: 4, Interesting

    Hopefully this strip is not made in China
     
    I'm crossing my fingers
     

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Made in China ? by Cryacin · · Score: 4, Funny

      Made in North Korea?!? What the...

      --
      Science advances one funeral at a time- Max Planck
    2. Re:Made in China ? by Ashtead · · Score: 4, Interesting

      Hopefully this strip is not made in China I'm crossing my fingers

      According to the link from cryptome than an AC has provided further down here, the hardware is indeed mostly made in China. What makes this US made to the satisfaction of the government is that the software that makes this thing what it is, is made in the US, replacing all the original code.

      This document goes on at length about how that can be. As an EE, not a lawyer, I found the information that the "brain" is a SheevaPlug to be more interesting.

      --
      SIGBUS @ NO-07.308
    3. Re:Made in China ? by Jeremiah+Cornelius · · Score: 4, Insightful

      So easy to make your own.

      DARPA paid for this? It's Backtrack/Aircrack/Metasploit on a board.

      Hello, Raspberry Pi!

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  4. Parking Lots by guttentag · · Score: 5, Funny

    I predict these will start showing up in corporate parking lots. "Ooh! Look, someone dropped a power strip! I've been telling my boss I need more outlets in my cubicle since he won't let me charge my phone by plugging it into the computer anymore... this will do nicely! And is that a USB stick on the ground? Oh, almost got me there. I know better than to plug that in."

  5. Re:That looks nothing like a power strip by Zontar+The+Mindless · · Score: 4, Insightful

    Oh, really? Guess you've never seen a surge-suppressing power strip with sockets for phone and Ethernet to protect those lines as well?

    Looks to me almost exactly like the one I used when I still lived in the States.

    --
    Il n'y a pas de Planet B.
  6. Re:EMF interference by Zontar+The+Mindless · · Score: 4, Insightful

    Grab an RF meter and go to town.

    Right.

    And just how many network admins do you know who actually keep one of those around?

    I'd ask ours where he keeps his (assuming he even has one), but he's on vacation until mid-August, and his stand-in works in a different building in another part of town.

    I think even you can see where I'm going with this... :)

    --
    Il n'y a pas de Planet B.
  7. Translation by bashibazouk · · Score: 5, Interesting

    The opposition (who ever they may be) has figured out that we were using this device. Word has gotten out. We no longer need it. You may now do with it as you wish...

  8. Re:$1,295? by Fjandr · · Score: 5, Insightful

    Minus the development of capital costs of mass production facilities and the engineering to make the internals readily production-capable.

    There are actual issues involved in a production product which homebrew doesn't solve, but you'd never know that to read Slashdot.

  9. Re:$1,295? by The+Master+Control+P · · Score: 5, Insightful

    And yet while every single time someone does something interesting there's a snivelling asshole like you there to poo-pooh how "easy it would be to just...", we never, ever hear of your much cheaper yet equally effective copies of the thing in question for some reason which I just can't figure out.

    Instead of being bitter and resentful towards those who actually create new things, why don't you go and invent some yourself?

    Oh wait, that's like... real work and effort and thinking and shit. Back to the TeeVee it is!

  10. Re:Only in America... by jamesh · · Score: 4, Insightful

    Only in the USA, because large parts of the world use other outlets and voltages....

    Yep. The development effort to retool for 240v and Australian power sockets would be prohibitive. I guess we don't need to worry about them over here.

  11. Re:$1,295? by Dodgy+G33za · · Score: 5, Insightful

    I work for the government, and if I were ever to contract to the government to make something I would charge an arm and a leg for it because they burn a lot of time in pointless changes, process and administration. Plus they haven't got a clue and pay whatever you charge.

  12. Re:Nasty piece of work by tftp · · Score: 5, Insightful

    It should be a dismissable offence it bring this thing any where near where you work.

    All you need is to ship with UPS a sealed carton of ten or twenty of these devices, each in its own professionally printed box, to the maintenance department of the target company. Lowly workers, just a notch above janitors, will not be asking their bosses about such a simple item, and power strips are always needed. You can do this even if you never set foot into the country where the target company resides.

  13. And for the home amateur on a budget ... by PolygamousRanchKid+ · · Score: 4, Interesting

    Get one of these: http://www.asus.com/Networks/Wireless_Routers/WL330N3G/. Hack OpenWrt to fit you needs, and flash the router with that. It's small and discrete enough to go unnoticed when set up and left somewhere, like behind a curtain, plugged into a forgotten Ethernet port in a wall somewhere. Power it with one of these: http://www.philips.co.in/c/cell-phone-accessories/universal-dlm2262_97/prd/.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  14. Re:$1,295? by Runaway1956 · · Score: 4, Insightful

    Think about what you just said. Some cosmetic damage might make the hacked powerstrip more acceptable. Slap a shiny, new bit of equipment into an office, and it might raise a little curiosity.

    Now, take a somewhat abused looking home-brew unit, and put it someplace in the same office. No curiosity, at all. Where I work, there is no shiny, pretty, new, or nice. Everything is beaten to hell and back!!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  15. Re:Licenses? by Anonymous Coward · · Score: 4, Informative

    Found of Pwnie Express here - we are indeed in compliance with all OSS, and none of the OSS packages have been modified (our value add is in the custom ruby-based web UI, automation scripts, etc.)