Digital Bond


Pwnie Plug Evolution

July 26, 2012 by Reid W

[Image: Power Pwn (Image by Pwnie Express)]

There is a new version of the PwniePlug, which was previously reported on by Dale.  This model comes in a surge-strip form factor.

This project is interesting for a few reasons.  First, the PwniePlug/SheevaPlug/etc devices have always turned me off a little as legitimate attack tools.  While they stay small, they’re still ‘definitely a malicious device.’  I could never leave one in a parking lot and honestly expect someone to plug it into their network.  The Pineapple does better with its Jasager firmware, but I still have never seen a control systems laptop with Wi-Fi (at least, not turned on).  Laptops themselves are about as rare as rare can be in anything ICS-related.  Also, in order to get one of the PwniePlug/SheevaPlug/Pineapple devices into a pen-testing site, you need physical access.  With physical access, there’s a ton of bad stuff that you can do, and a malicious Wi-Fi access point ranks moderate to low on my list of threats.

The Power Pwn is like the Pwnie Plug, but designed as a surge strip.  Cleverly, it includes two RJ45 jacks.  Plug one into your wall outlet, the other into your PC, but expect bad results for doing so: the onboard Wi-Fi and optional GSM modules could allow someone to insert traffic onto your network, and built-in Metasploit will mean massive carnage for the unhardened network.


From the looks alone, the surge strip project is a game-changer to me.  I sit at a desk with an APC Back-UPS 500 that is very similar in shape and size to the Power Pwn.  My model even has ‘Ethernet surge suppressor’ ports labelled ‘IN’ and ‘OUT’, although I don’t use them.  Now you can bet that I never will…

The Power Pwn benefits as an attack tool by being a larger device, and mimicking a device that we normally think of as a totally passive part of our network.  Covertness isn’t about size, it’s about blending in.  The Power Pwn is a great lesson in proper patching and security hardening.  Imagine if some previously passive component on your network was actually aggressive — how would you go about defending?

Another interesting facet of the project is that it was developed under DARPA’s Cyber Fast Track program.  CFT lets small companies and independent researchers rapidly develop tools, both software and hardware, with minimal paperwork and contracting overhead.  The program is headed up by Mudge (Peiter Zatko), who is rumored to be behind such hacks as showing Colin Powell that his Palm Pilot’s calendar could be read out remotely.


Filed Under: Control System IT, Remote Access, SCADA Hacking Tagged With: pwnie express, pwnie plug, supply chain
