The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye.
The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network.
So what do you get after you drop more than a grand for the device? Check out the list of features:
- Onboard high-gain 802.11b/g/n wireless.
- Onboard high-gain Bluetooth (up to 1000').
- Onboard dual-Ethernet.
- Fully functional 120/240v AC outlets!.
- Includes 16GB internal disk storage.
- Includes external 3G/GSM adapter.
- Includes all release 1.1 features.
- Fully-automated NAC/802.1x/RADIUS bypass.
- Out-of-band SSH access over 3G/GSM cell networks!.
- Text-to-Bash: text in bash commands via SMS! .
- Simple web-based administration with "Plug UI".
- One-click Evil AP, stealth mode, & passive recon.
- Maintains persistent, covert, encrypted SSH access to your target network [Details].
- Tunnels through application-aware firewalls & IPS.
- Supports HTTP proxies, SSH-VPN, & OpenVPN.
- Sends email/SMS alerts when SSH tunnels are activated.
- Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more.
- Unpingable and no listening ports in stealth mode.
To summarize that for you, the Power Pwn can launch remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks to identify network weaknesses. You can send commands via a convenient Web interface, accessible through the unit's built-in 3G radio, or directly to the device via text message. In fact, if you're feeling really lazy, you can use Apple's Siri voice-recognition software to send it instructions.
It's something "you can just plug in and do a full-scale penetration test from start to finish," Pwnie Express CEO Dave Porcello told Wired. "The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now."
He also said 90 percent of the company's clients are commercial or federal organizations. What's the other 10 percent? That's what you should be worried about.
The good news is you still have time to get the word out. The Power Pwn is currently available for pre-order, but its estimated ship date is September 30, 2012.