Pwnie Express makes IoT, Android security arsenal open source

The software should help penetration testers identify and locate threats to Internet of Things (IoT) devices.


Pwnie Express has given the keys to software used to secure the Internet of Things (IoT) and Android software to the open-source community.

The Internet of Things (IoT), the emergence of devices ranging from lighting to fridges and embedded systems which are connected to the web, has paved an avenue for cyberattackers to exploit.

Vendors are struggling to keep up with emerging threats and firmware is often left outdated, placing consumer and business data at risk -- but to assist researchers in finding IoT security flaws before they are exploited in the wild, Pwnie Express is opening up two software projects as open-source.

This week, the Boston-based firm announced plans to give Blue Hydra and the Android Open Pwn Project (AOPP) to open-source developers.

"The release of these tools enable comprehensive Bluetooth detection and community-based development of penetration testing Android devices," the firm says.

Blue Hydra is a Bluetooth tool which has a "tell you if it's there" mechanism to detect Bluetooth devices, but also acts as a sniffer which queries devices it detects. The company says the tool is able to grab data including a device name, firmware version, Bluetooth version they're running, manufacturer, and what services the device offers.

As Bluetooth, being a low-powered communication standard, is fueling IoT, having a tool which can identify threats to Bluetooth-enabled devices is likely to be handy for security professionals.

In addition, Pwnie Express has also opened the gate to the Android Open Pwn Project (AOPP), an Android ROM built for penetration testers. The project, based on the Android Open Source Project (AOSP) and community-developed ROMS -- including CyanogenMod -- gives developers the chance to create their own mobile penetration testing platforms.

"Pwnie Express' roots are in the open source community," said Rick Farina, Pwnie Express' director of R&D. "Developing and releasing open source tools reinforces our commitment to give back to the security community and make it easier for security teams to address the growing device threat landscape. These tools will help security professionals with Bluetooth visibility, which is key to effective device threat detection in our increasingly connected and IoT world."

In July, security experts warned that it will only take a few years before a catastrophic security breach is caused by a vulnerable IoT device.