PwnPlug Opens Back Door Into Corporate Nets

PwnPlug is a tiny Linux-based computer disguised as an innocent power charger plug, which can quietly violate corporate networks when plugged into a company power socket.

The device, manufactured by a Vermont startup named Pwnie Express, comes pre-loaded with an arsenal of hacking tools and has the ability to communicate information to its owner via 3G. According to network security specialists, it works almost too well, creating risks for companyes – although Pwnie Express says it is only selling it for remote network penetration testing (pentesting).

Plug & Pwn

Pwnie Express calls the device “the industry’s first-to-market commercial penetration testing drop box”. Pentesting finds network vulnerabilities by asking a “white hat” hacker to attempt breaking into the network. It safeguards organisations against failure by identifying security weak spots so that they may be managed proactively.

A “Creeper Box” like the PwnPlug has been a hacker dream for many years, but only recently have the advances in technology allowed a cheap, tiny computer which is powerful enough to be useful for hacking.

PwnPlug is a stealthy, non-descript white brick that can be disguised as a power supply, charger or an electric air freshener. It comes together with a choice of stickers to complete the illusion. Since the device needs to be installed at a target location first, an element of “social engineering” is necessary for a successful attack.

Wired reported a network specialist Jayson E. Street turned up at several national banks in the US dressed as a technician, while conducting security testing on behalf of the management. He was planning to test 10 branches, but after he was allowed to plug in the PwnPlug, unchallenged, in four, the exercise was called off. According to Pwnie Express, PwnPlug is now used by several Fortune 50 companies and even some government organisations to check their networks for vulnerabilities.

You can watch a video documenting Jayson’s exploits on Irongeek website.

Ninjutsu

The device was inspired by SheevaPlug, a miniature Linux-based power plug computer. But it was Pwnie Express who decided to tailor the device to hacker (or security specialist) needs.

PwnPlug costs $520 (£329) for the standard version, and $770 (£487) for the Elite version, which can connect over the 3G mobile wireless network. Both maintain a covert, encrypted, firewall-busting backdoor into a target network. If the user already owns a SheevaPlug, he or she can download the community edition of PwnPlug software to start hacking, or testing, free of charge.

Inside the PwnPlug, users will find a 1.2GHz Marvell Sheeva CPU with 512 MB of flash memory and 512 MB of DDR2, supporting Debian, Fedora, FreeBSD, and OpenWRT ARM Linux distributions. On the outside of the case, the system has an Ethernet port, a USB connector and a serial console port. The in-built memory can be expended through an SD card slot. The power consumption of the system is stealthy too – 2.3 watts while idle, and seven watts under load.

PwnPlug includes a “Plug UI” for simple web-based setup. It is able to easily tunnel through application-aware firewalls & IPS, and features fully-automated NAC/802.1x/RADIUS bypass. It can even send tunnel status alerts by SMS, giving the hacker up-to-the-minute information about their target.

The company also offers a PwnPhone, which too is capable of full-scale wireless penetration testing. As with Pwn Plug, if you already own or can acquire a Nokia N900 you can download the community edition of Pwn Phone and get after it right away.

Could you survive a PwnPlug attack? Try our security quiz and find out!