Pwnie Plug Evolution

Power Pwn (Image by Pwnie Express)There is a new version of the PwniePlug, which was previously reported on by Dale.  This model comes in surge-strip form factor.

This project is interesting for a few reasons.  First, the PwniePlug/SheevaPlug/etc devices have always turned me off a little as legitimate attack tools.  While they stay small, they’re still ‘definitely a malicious device.’  I could never leave one in a parking lot and honestly expect someone to plug it into their network.  The Pineapple does better with its Jaesager firmware, but I still have never seen a control systems laptop with Wi-Fi (at least, not turned on).  Laptops themselves are about as rare as rare can be in anything ICS-related.  Also, in order to get one of a PwniePlug/SheevaPlug/Pineapple device into a pen-testing site, you need physical access.  With physical access, there’s a ton of bad stuff that you can do, and a malicious WiFi access point ranks moderate to low on my list of threats.

The Power Pwn is like the Pwnie Plug, but designed as a surge strip.  Cleverly, it includes two RJ45 jacks.  Plug one into your wall outlet, the other into your PC, but expect bad results for doing so: the onboard wifi and optional GSM modules could allow someone to insert traffic onto your network, and built-in metasploit will mean massive carnage for the unhardened network.

From the looks alone, the surge strip project is a game-changer to me.  I sit at a desk with an APC Back-UPS 500 that is very similar in shape and size to the Power Pwn.  My model even has ‘Ethernet surge suppressor’ ports labelled ‘IN’ and ‘OUT’, although I don’t use them.  Now you can bet that I never will…

The Power Pwn benefits as an attack tool by being a larger device, and mimicking a device that we normally think of as a totally passive part of our network.  Covertness isn’t about size, it’s about blending in.  The Power Pwn is a great lesson in proper patching and security hardening.  Imagine if some previously passive component on your network was actually aggressive — how would you go about defending?

Another interesting facet of the project is that it was developed under DARPA’s Cyber Fast Track program.  CFT lets small companies and independent researchers rapidly develop tools, both software and hardware, with minimal paperwork and contracting overhead.  The program is headed up by Mudge (Peiter Zatko), who is rumored for such hacks as showing Colin Powell that his Palm Pilot’s calendar could be read out remotely.

Image by Pwnie Express

Leave a Reply