Darpa Funds Hack Machine You'd Never Notice - Wired News

PwnieExpress’ all-new Power Pwn. All Images: PwnieExpress

If you saw this bad boy under your desk, would you say anything?

It may look like a surge protector, but it’s really a remote access machine that corporations can use to test security and log into branch offices. Called the Power Pwn, it’s a stealthier version of the little box that can hack your network we wrote about last March.

Hidden inside are Bluetooth and Wi-Fi adapters, along with a number of hacking and remote access tools that let security experts prod and poke the network, and even call home to be remotely controlled via the cellular network.

There’s a “text-to-bash” feature that lets you send commands to the device using SMS messages. Some customers conducting penetration tests of corporate security have been using Apple’s Siri voice-recognition software to send these messages, says Dave Porcello, the CEO of Pwnie Express, the company that makes the Power Pwn. “Basically, they are able to speak pen-testing commands into their phone.”

It’s a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.”

Using the Power Pwn via SMS

Companies can buy the $1,295 Power Pwn and mail it out to branch offices to do quick security tests of their remote networks, Porcello says. About 90 percent of Pwnie Express’ customers work for corporations or the federal government.

The device, like its Pwn Plug predecessor, comes with easy-to-use scripts that cause it to boot up and then phone home for instructions. “It’s pretty sturdy. You can send it through U.S. mail and you can send it through FedEx and the setup is easy,” says Jason Malley, who works in alarm-system maker Tyco’s security and compliance group. “This tool really cuts down on time and expenses.”

Malley wasn’t allowed to talk about what Tyco is doing with the devices â€" he’s been using them for more than a year â€" but he says that they go over really well when he pulls them out in informal “lunch and learn” demonstration sessions. “It’s actually a really great security awareness tool,” he says, “because we can talk about things in theory. When you pull the thing out and say it’s not theory, it definitely helps and you notice things.”

This Power Pwn was developed with money from a new Darpa (Defense Advanced Research Projects Agency) program called Cyber Fast Track, which is trying to jumpstart a new generation of cyber-defense tools. “It’s kind of taking the tools that the hackers are using and putting them in the hands of the people that need to defend against the hackers,” Porcello says.