Innocent looking power strip will hack your corporate network

DARPA likes to fund some cool initiatives. Everyone knows about the Internet, but they also fund smaller projects like the F-BOMB. Now ZDNet is reporting on a new DARPA-funded project that could have some corporations worried. It’s called the “Power Pwn,” and looks just like a normal power strip you might see behind your computer. The insides, however, are far more ominous.

The device has a laundry list of tools built in. It contains a 3G/GSM adapter to allow the attacker to control it using SMS messages or even SSH to the device over the 3G network. It has a high-gain 802.11b/g/n wireless network built in, as well as a high-gain Bluetooth adapter with a range of up to 1,000 feet. There’s 16GB of internal storage to save logs to and a built-in web server that serves up an easy way to setup and configure the tool.

The Power Pwn was created to be used in penetration tests with the thought being the tester sneaks into the building and then is able to remotely control the device to scan the network. It can be purchased from Pwnieexpress.com, costs $1,295, and is expected to be released on September 30th.

Source: PowerPwn.com

Via: ZDNet

Image courtesy of PowerPwn.com

Report a problem with article
Previous Story

Neowin Meetup: London, August 18th

Next Story

Torchlight II is lots bigger than Torchlight 1

30 Comments

Commenting is disabled on this article.

JaykeBird said,
What kind of legal uses would such a thing like this have anyway? If any?

about as legal as using torrent software.
sure a small amount of traffic is downloading linux .iso's like backtrack
but we all know its 90% piracy..So as far as i'm concerned all ISP's across the globe
should block users from accessing Pwnieexpress.com !
Any user caught going to this site or "even google'ing the name"
should be considered criminals and MUST be arrested and charged !
Let the cease and desist letters commence

It would be less conspicious if they made it look exactly like a commericial power-strip. Of course, I'm sure they have some of those laying around.

works good until you come around with a wifi scanner and find the device, as in most corporations they don't use wireless to connect their machines. should have a Mic/camera on it as well.. I mean, you gotta know when to abort!

That power strip is hardly innocent looking. It looks like some kind of monolithic 1980s Soviet design. I certainly wouldn't plug anything into it!

Enron said,
That power strip is hardly innocent looking. It looks like some kind of monolithic 1980s Soviet design. I certainly wouldn't plug anything into it!

so in soviet russia plug realy does pwns you.

looks like the have stolen most of those ideas from the wifi pineapple :-/
they are charging way to much for it. wounder if the FW is open source so
hackers can add features to it.

xSuRgEx said,
looks like the have stolen most of those ideas from the wifi pineapple :-/
they are charging way to much for it. wounder if the FW is open source so
hackers can add features to it.

Well it's probably not too hard to emulate, if I were designing it, I'd put 2 ethernet ports providing "surge protection", build in a PC (like a Rasberry Pi) which used those ethernet ports to connect to the net, connect to the TOR network, and connect to a VPN behind a TOR hidden service. Actually quite simple now I think about it, but somewhat easier to detect than the 3G.

xSuRgEx said,

they are charging way to much for it. wounder if the FW is open source so
hackers can add features to it.

If it's like any of their other devices, it's running BackTrack. I hope to get a hands on with one of these this week.

Then again, you could just hit the security guards over the head with this "innocent looking power strip" and then hack the corporate network. From the inside.

Sszecret said,
Then again, you could just hit the security guards over the head with this "innocent looking power strip" and then hack the corporate network. From the inside.

Lol, yes, innocent powerstrip which is around 3 times the size of your usual one.

Mark said,

Lol, yes, innocent powerstrip which is around 3 times the size of your usual one.


It's not like someone would suspect a man walking around carrying an oversized powerstrip. I do have to admit though, I think this could resist to a hurricane.

Sszecret said,

It's not like someone would suspect a man walking around carrying an oversized powerstrip. I do have to admit though, I think this could resist to a hurricane.

And also wearing a high-vis jacket. People apparently get away with LOADS of stuff with just a high-vis on.

Mark said,

Lol, yes, innocent powerstrip which is around 3 times the size of your usual one.

It's meant to look like an Surge protected power strip hence it's size

Mark said,

And also wearing a high-vis jacket. People apparently get away with LOADS of stuff with just a high-vis on.

That and a clipboard, people are sold. There was an experiment in the UK a few years back, people basically walked round a city centre with clipboards and a smart look about them, randomly stopping people and saying they were from the council and needed to ask a few questions.

Well in each case they ended up with easily enough info to commit ID theft, at the end of each questioning the people were told about the experiment and asked why they didn't once ask for ID - they all replied that the 'interviewer' looked the part and why else would they be walking round the a clipboard! The data was destroyed each time as well and these folk got a good lesson.

"just like a normal power strip"
The 2 ethernet and those two (not sure, USB?) port would be a giveaway though. Well, putting a sticker would do the trick perhaps. Curious to what those Raspberry Pi tinker could come up with to compete with this. The power plug design is a very good excuse to have a box getting power 24x7

martheen said,
"just like a normal power strip"
The 2 ethernet and those two (not sure, USB?) port would be a giveaway though. Well, putting a sticker would do the trick perhaps. Curious to what those Raspberry Pi tinker could come up with to compete with this. The power plug design is a very good excuse to have a box getting power 24x7

...
really?
http://www.newegg.com/Product/...t.aspx?Item=N82E16812120310

Those aren't Ethernet, they're phone jacks, and the cheapest power strips have them. The USB ports are for charging your phone.
All the nefarious stuff is wireless.

xSuRgEx said,

those are ethernet ports on the power pwn.


Either way, you run an Ethernet cord through them to protect the computer from surges from the network cable. Lost a computer from one once...that's why these things are invented. Aside from spying on people, of course.

siah1214 said,

Either way, you run an Ethernet cord through them to protect the computer from surges from the network cable. Lost a computer from one once...that's why these things are invented. Aside from spying on people, of course.

the ethernet ports are there for one reason only and its certanyly not "protectoin"

martheen said,
"just like a normal power strip"
The 2 ethernet and those two (not sure, USB?) port would be a giveaway though. Well, putting a sticker would do the trick perhaps. Curious to what those Raspberry Pi tinker could come up with to compete with this. The power plug design is a very good excuse to have a box getting power 24x7

My APC UPS has two of those one is LAN protection (one in and one out) and one is the control cable that has USB on the other end. One end is an RJ45 connector and it plugs into the USB port so windows native or APC Powerchute can manage it.

APC-Backups XS-1000--->http://www.apc.com/products/re..._index.cfm?base_sku=BX1000G

A UPS looking one of those is even more hardcore for this

Hum said,
Cool ! Now if I just had a corporate network ...

Well, that's the point... you don't need one. Use it in any random business and you're good to go!

I saw a story on TWIT where hackers had left infected USB drives in parking lots of companies which they wanted to spy on (a chemicals company I believe) in the hopes that a curious employee would plug on in to see what was in it.

A genius idea which has no doubt worked at some point but in this instance, they dropped it into the IT department for examination, where they discovered it was infected. They found a bunch more in the parking lot after that too.