If you ever see this nearby, better make sure someone has a valid explanation!
The Defense Advanced Research Projects Agency (DARPA) is an agency in the US that helps fight cyber crimes and solve issues of cyber security locally and internationally. They have funded the research and development of this gizmo here called ‘Power Pwn’, a $1205 gadget that looks like a normal power strip – fat enough to look as if it has a surge protector too. Who would think that this device can actually be used to hack and monitor corporate networks?
[ad#Google Adsense 336×280]
A Tool To Hack or To Test?
The Power Pwn was initially made to test and improve cyber security for corporations and local networks in government agencies. This device can actually launch remote Wi-Fi, Bluetooth, and Ethernet attacks to check for network vulnerabilities. Apparently, you can even use Apple’s Siri to set your instructions for the attacks! Oh, did I mention that is has 3G support too? There goes your mobile device security…….
This device could replace methods used by cyber security companies to test network security – using unscheduled or permitted attacks to test a network’s security and vulnerabilities. However, according to Pwnie Express CEO Dave Porcello, this device is meant for federal or commercial organizations, which makes up for 90 percent of their current consumer base. Who are the remaining 10 percent? Probably the security companies. Imagine them selling these as normal power strips, the poor average Joe would bring it home and make his entire network susceptible to attack!
Conspiracy theories aside, here’s a look at the features of the device:
- Onboard high-gain 802.11b/g/n wireless.
- Onboard high-gain Bluetooth (up to 1000′).
- Onboard dual-Ethernet.
- Fully functional 120/240v AC outlets!.
- Includes 16GB internal disk storage.
- Includes external 3G/GSM adapter.
- Includes all release 1.1 features.
- Fully-automated NAC/802.1x/RADIUS bypass.
- Out-of-band SSH access over 3G/GSM cell networks!.
- Text-to-Bash: text in bash commands via SMS! .
- Simple web-based administration with “Plug UI”.
- One-click Evil AP, stealth mode, & passive recon.
- Maintains persistent, covert, encrypted SSH access to your target network [Details].
- Tunnels through application-aware firewalls & IPS.
- Supports HTTP proxies, SSH-VPN, & OpenVPN.
- Sends email/SMS alerts when SSH tunnels are activated.
- Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more.
- Unpingable and no listening ports in stealth mode.
Word of Advice…..
If you ever see such a device anywhere nearby, better start investigating. If you saw it, it’s probably too late for you anyway.
Source via ZDNet.com