Pwnie Express Releases Android-Based Network Hacking Kit

At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.

Re:1st time got it working?

[kwark]

Chrooting has been around since the first android device (ADP/G1). The problem is having a driver that enables monitor mode.

Re:I'd buy one

[drinkypoo]

I'd make my own Pwnie plug instead.

The software ought to run on the standard Pogoplug. which is $20.

Re:I'd buy one

[Aaron+B+Lingwood]

What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

NFC: Monitor/Manipulate Contactless Payment Systems, Smart Tags and Mobile Devices (i.e: Force pair a Nokia)

Form Factor: Easily concealable and can be powered via USB. Easily turn off screen when someone is shoulder surfing

Connectivity: High Speed Mobile Data and superior network management. Ever since BT moved away from SLAX, falling back to WiFi when 3g drops has become unreliable. Multiband Radio makes it more likely to get a signal in a high security building

OS: BT5 for ARM is still not the best. Many tools are buggy and won't even run on a range of devices. Android is attracting quite a few developers meaning we are likely to see new tools on Android before BackTrack, Ubuntu or Debian Repositories. Making from source isn't viable when you are often working against the clock. BT5, being Ubuntu based, is a full desktop environment and it takes a lot of work to trim the fat. If you are talking about BT5 on an x86 laptop then the next point is amplified

Battery: Battery Life is likely much better on the Nexus than a cheap laptop. For reconnaissance, one may need to keep the device powered for hours or even days. Many cafes and bars will offer charging stations. Finding a power point on the other hand can be challenging, especially if one is trying to keep a low profile

Support: While the community-driven support for BT5 (and linux in general) is great, it is unlikely they can offer support for the particular device you are on (in a timely manner at least). Got an issue with this device, check the forums or get Live Chat Support

Crunching: Modern ARM SOC's have great number crunching ability, especially those found on mobile devices as there is a focus on graphics ability and not on economy

All my pentesting is done from either an x86 desktop (in a vehicle) or my Galaxy SIII. I find that laptops continually under-perform and have too many trade-offs. I only use them when the conditions require that I must.