Slashdot Mirror


Pwnie Express Releases Android-Based Network Hacking Kit

At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.

35 comments

  1. 1st time got it working? by MrDoh! · · Score: 1

    You could chroot BackTrack on a Nexus One a couple of years ago I thought. That gets you aircrack. If they've ported it over without needing that though? Excellent.

    --
    Waiting for an amusing sig.
    1. Re:1st time got it working? by kwark · · Score: 5, Informative

      Chrooting has been around since the first Android device (ADP/G1). The problem is having a driver that enables monitor mode.

  2. nt by shentino · · Score: 3, Funny

    My little pwnie, my little pwnie

    Ah ah ah ahh ahhhhhhhhh!

    Myyy little pwnie!

    1. Re:nt by femtobyte · · Score: 2

      You have one too many "ah"s in there.

      Dammit, why did I know that from memory?

  3. What jumped out at me by egcagrac0 · · Score: 1

    “I even called them and said we’d like to purchase 10,000 iPads, but we’d need to modify [iOS] slightly,” Porcello says.

    Apple said “no.”

    Translated: We don't want your $7million, since you're not just going to hand it over. You don't want our product, you want a customized product.

    1. Re:What jumped out at me by ceoyoyo · · Score: 1

      Translated: We'd like you to provide us with a customized version of your product, which we know you're not set up to do. We'd like to pay wholesale prices for it too, please.

  4. Dear Editors by AmiMoJo · · Score: 2

    Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Dear Editors by K.+S.+Kyosuke · · Score: 1

      Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

      Uh? I'd say the sentence does show a lot of respect with regards to the device in question, doesn't it?

      --
      Ezekiel 23:20
    2. Re: Dear Editors by Anonymous Coward · · Score: 1

      No, it really doesn't. Same with the name, Pwnie.

      Childless leet-speak. Nothing more

    3. Re:Dear Editors by Scorch_Mechanic · · Score: 2

      The submission quotes from the Wired article, specifically the first and third paragraphs. It's not kosher to delete words from direct quotes just because they're "hype", and might even be improper in this case (because the phrasing comes from the Wired article and conveys how the writer of the article feels about the device, which gives important information for the reader). Of course, that doesn't mean a clever editor could jump in anyways with ellipses and such, but ellipses are ugly and in this case the sentence is so short there would be no point.

      For the record, omitting the second paragraph (which details pricing) from the submission and not indicating the omission with ellipsis or making it two separate quotes is bad editing.

      (I'm not a "real" editor, I just have an interest in proper formatting. I may be getting something here wrong, and if I am please feel free to jump on my head and/or correct me.)

      --
      You should turn signatures off.
    4. Re: Dear Editors by Anonymous Coward · · Score: 0

      You say childless like it's a bad thing, rather than a responsible way to live on a planet dealing with limited resources and overconsumption.

  5. I'd buy one by cpicon92 · · Score: 3, Insightful

    A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.
    Frankly, I think that's a lot of work. Possibly more than $800 worth of work at standard IT wages. I think every corporate IT department should invest in one of these, it would seriously improve network security on the whole.

    1. Re:I'd buy one by andydread · · Score: 4, Insightful

      What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

    2. Re:I'd buy one by drinkypoo · · Score: 3, Informative

      I'd make my own Pwnie plug instead.

      The software ought to run on the standard Pogoplug, which is $20.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:I'd buy one by oodaloop · · Score: 2

      Look cool?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    4. Re:I'd buy one by Anonymous Coward · · Score: 0

      Point and click, sorry, touch and swipe security.

    5. Re:I'd buy one by Anonymous Coward · · Score: 0

      Fits on your hip and is less likely to be noticed passing through front door security.

    6. Re:I'd buy one by Aaron+B+Lingwood · · Score: 4, Informative

      What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

      NFC: Monitor/Manipulate Contactless Payment Systems, Smart Tags and Mobile Devices (i.e: Force pair a Nokia)

      Form Factor: Easily concealable and can be powered via USB. Easily turn off screen when someone is shoulder surfing

      Connectivity: High Speed Mobile Data and superior network management. Ever since BT moved away from SLAX, falling back to WiFi when 3g drops has become unreliable. Multiband Radio makes it more likely to get a signal in a high security building

      OS: BT5 for ARM is still not the best. Many tools are buggy and won't even run on a range of devices. Android is attracting quite a few developers meaning we are likely to see new tools on Android before BackTrack, Ubuntu or Debian Repositories. Making from source isn't viable when you are often working against the clock. BT5, being Ubuntu based, is a full desktop environment and it takes a lot of work to trim the fat. If you are talking about BT5 on an x86 laptop then the next point is amplified

      Battery: Battery Life is likely much better on the Nexus than a cheap laptop. For reconnaissance, one may need to keep the device powered for hours or even days. Many cafes and bars will offer charging stations. Finding a power point on the other hand can be challenging, especially if one is trying to keep a low profile

      Support: While the community-driven support for BT5 (and linux in general) is great, it is unlikely they can offer support for the particular device you are on (in a timely manner at least). Got an issue with this device, check the forums or get Live Chat Support

      Crunching: Modern ARM SoCs have great number crunching ability, especially those found on mobile devices as there is a focus on graphics ability and not on economy

      All my pentesting is done from either an x86 desktop (in a vehicle) or my Galaxy SIII. I find that laptops continually under-perform and have too many trade-offs. I only use them when the conditions require that I must.

      --
      [Rent This Space]
    7. Re:I'd buy one by Cederic · · Score: 1

      Far more interestingly: If they can do this on an Android tablet, they can do it on an Android phone. That's even more discreet, and quite probably just as usable.

    8. Re:I'd buy one by Aaron+B+Lingwood · · Score: 1

      A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.

      Rooting is inadequate for anything other than basic sniffing and WEP-cracking.

      On these devices, the bastardized Wi-Fi drivers are compiled into the kernel which is stored in ROM. In order to do any kind of packet injection, deauth attack or to use monitor mode, a custom kernel hence a custom ROM will be required. For those with a locked bootloader, that will be yet another step.

      --
      [Rent This Space]
    9. Re:I'd buy one by chispito · · Score: 1

      You don't type much while you're pentesting?

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    10. Re:I'd buy one by Aaron+B+Lingwood · · Score: 1

      You don't type much while you're pentesting?

      I use my desktop for preparation, execution and monitoring while the mobile device is normally taped under someone's desk, left charging at the lobby cafe or simply in lost property depending on the assignment

      I prefer security and IT to be unaware that the audit will be performed, as they would be in a malicious attack.

      --
      [Rent This Space]
    11. Re:I'd buy one by Anonymous Coward · · Score: 0

      BackTrack5 because it is working so well and what the hey your company has nothing to lose.

    12. Re:I'd buy one by ralphaostrander · · Score: 1

      I was about to say the ROM. Hand held tools such as these are welcome to me. Everyday things like finding a bad NIC. If it makes your life easier.

  6. Umm, did you RTFA? by Anonymous Coward · · Score: 1

    It's still running Android.

    1. Re:Umm, did you RTFA? by Aaron+B+Lingwood · · Score: 1

      Yay, a decent OS to run on my Nexus 7

      It's still running Android.

      This product ships with Android OS 4.2 and Ubuntu 12.04 to run the full range of tools.

      While the specs have not been released, I suspect that the Android ships with a mainline kernel instead of Google's Linux Kernel for Android to include glibc, full Wi-Fi support and all GNU libraries. Also, su, a completely different repo/store and stripped of everything Google.

      So, same OS, different version, completely different distro.

      --
      [Rent This Space]
  7. Hail the n900 by Anonymous Coward · · Score: 1

    The king of mobile pentesting is the n900. Aircrack-ng has been working for ages, even with packet injection if you can find the patched drivers. Metasploit also runs as do tools like dsniff and ettercap

    1. Re:Hail the n900 by RobbieThe1st · · Score: 1

      Pwnie express is selling one of those, too. And it even seems to come with a copy of my very own BackupMenu, so it's easy to restore if it breaks etc.

  8. Re:They should have used a HOSTS file by webmistressrachel · · Score: 1

    You are surely of God of Trolls, whomever you are. I have had stupid arguments with and bitten the troll apk many times.

    I liked how you got it just long enough to display all the content, and yet the Slashdot renderer still teased me with "Read the rest of this comment" or whatever it says.

    You had this ready for the next article to appear, didn't you? Helluva copypasta, baby!

    --
    This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  9. Well.. by Anonymous Coward · · Score: 0

    Doesn't it?

    If I was to read a headline that said "Katy Perry has a smokin' hot rack!", I would not call it hype.

  10. Re:They should have used a HOSTS file by Arancaytar · · Score: 1

    4 simultaneous DNS servers within a single rotation of .org TLD

    what you did there

    i see it

  11. Re:Yay, a decent OS to run on my Nexus 7 by sensationull · · Score: 1

    Go on fanboys, mod me down for being right, I own one and have had to return it once thanks to faulty hardware and wait months for them to fix 4.2 to deal with Bluetooth even remotely stably and for it to bring up the start screen icons in less than ten seconds. Before anyone starts spouting the fanboy line I should not have to root it, mod it or reflash it to make the damn thing work reasonably.