July 23, 2012
Your Surge Protector Could Be Watching You
Michael Harper for redOrbit.com — Your Universe Online
They say the best place to hide is in plain sight. After all, no one would ever suspect a common office appliance could be snooping on their network as it sits under the desk, almost out of sight and forgotten. Thus, the Power Pwn, a remote access machine built into a surge protector.With this machine, corporations and government agencies can run full-fledged security tests on their networks. Housed inside the Power Pwn are Bluetooth and Wi-Fi adapters, as well as several other hacking and remote access tools to completely infiltrate any network. The sneaky surge protector even boasts 3G connectivity and can be controlled on a cell network. For instance, using the “text-to-bash” feature, users can send commands via text messages to the Power Pwn.
The device is the result of a sponsorship from DARPA, who pushed the Power Pwn through their Cyber Fast Track program, which strives to make complex cyber-defense tools more affordable and available to commercial organizations.
According to Dave Porcello, CEO of Pwnie Express – the company who built the Power Pwn – the device allows organizations the ability to “just plug in and do a full-scale penetration test from start to finish.”
“The enterprise can use stuff like this to do testing more often and more cheaply than they´re doing it right now,” Porcello told Robert McMillan of Wired.
According to Porcello, 90% of their customers are commercial or federal organizations who want to ensure their networks and data are completely safe.
By running these penetration tests, commercial and federal organizations can put their networks under attack or undue strain to discover where the weak points lie. Once they know where these points are, they can go about strengthening them, in case a legitimate attack is on the way.
While the Power Pwn may offer a very valuable service, it doesn´t come cheaply. Priced at $1,295, the sneaky surge protector is one way DARPA and companies like Pwnie Express are taking back technology from the hackers and using it to protect themselves.
The Power Pwn ships with easy-to-use scripts which get the device up and running as soon as it´s plugged in. Jason Malley of Tyco Security vouches for its ease of use. “It´s pretty sturdy. You can send it through US mail and you can send it through FedEx and the setup is easy.”
“This tool really cuts down on time and expenses.”
Malley declined to offer any specifics about the way his company was using the devices, though he did say he´s been using them for over a year, using them for informal “lunch and learn” demonstrations on network security.
“It´s actually a really great security awareness tool,” he says, “because we can talk about things in theory. When you pull the thing out and say it´s not theory, it definitely helps and you notice things.”
In March, Pwnie Express released a smaller, similar device called the Pwn Plug. Rather than a large, surge protector-styled device, the Pwn Plug is a small white box which plugs directly into a wall socket. Once plugged in, the Pwn Plug can be controlled remotely and start chipping its way at the local network. Though it´s not outfitted with the same amount of features as its heftier sibling, the Pwn Plug is a bit easier to come by, priced from $480 to $730.