
Android Businesses Security IT Hardware

Pwnie Express Releases Android-Based Network Hacking Kit

Posted by timothy
from the thanks-for-the-tablet-sirs dept.
At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.
  • You could chroot BackTrack on a Nexus One a couple of years ago I thought. That gets you aircrack. If they've ported it over without needing that though? Excellent.
  • nt (Score:4, Funny)

    by shentino (1139071) on Saturday February 23, 2013 @07:46AM (#42988471)

    My little pwnie, my little pwnie

    Ah ah ah ahh ahhhhhhhhh!

    Myyy little pwnie!

  • “I even called them and said we’d like to purchase 10,000 iPads, but we’d need to modify [iOS] slightly,” Porcello says.

    Apple said “no.”

    Translated: We don't want your $7million, since you're not just going to hand it over. You don't want our product, you want a customized product.

    • by ceoyoyo (59147)

      Translated: We'd like you to provide us with a customized version of your product, which we know you're not set up to do. We'd like to pay wholesale prices for it too, please.

  • by AmiMoJo (196126) on Saturday February 23, 2013 @07:54AM (#42988493)

    Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

    • Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

      Uh? I'd say the sentence does show a lot of respect with regards to the device in question, doesn't it?

      • by Anonymous Coward

        No, it really doesn't. Same with the name, Pwnie.

        Childless leet-speak. Nothing more

    • The submission quotes from the Wired article, specifically the first and third paragraphs. It's not kosher to delete words from direct quotes just because they're "hype", and might even be improper in this case (because the phrasing comes from the Wired article and conveys how the writer of the article feels about the device, which gives important information for the reader). Of course, that doesn't mean a clever editor could jump in anyways with ellipses and such, but ellipses are ugly and in this case the

  • I'd buy one (Score:4, Insightful)

    by cpicon92 (1157705) on Saturday February 23, 2013 @08:21AM (#42988551)

    A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.
    Frankly, I think that's a lot of work. Possibly more than $800 worth of work at standard IT wages. I think every corporate IT department should invest in one of these, it would seriously improve network security on the whole.

    • Re:I'd buy one (Score:5, Insightful)

      by andydread (758754) on Saturday February 23, 2013 @08:37AM (#42988587)
      What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?
      • by oodaloop (1229816)
        Look cool?
      • Re:I'd buy one (Score:5, Informative)

        by Aaron B Lingwood (1288412) on Saturday February 23, 2013 @10:14AM (#42988879)

        What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

        NFC: Monitor/Manipulate Contactless Payment Systems, Smart Tags and Mobile Devices (i.e. Force pair a Nokia)

        Form Factor: Easily concealable and can be powered via USB. Easily turn off screen when someone is shoulder surfing

        Connectivity: High Speed Mobile Data and superior network management. Ever since BT moved away from SLAX, falling back to WiFi when 3g drops has become unreliable. Multiband Radio makes it more likely to get a signal in a high security building

        OS: BT5 for ARM is still not the best. Many tools are buggy and won't even run on a range of devices. Android is attracting quite a few developers meaning we are likely to see new tools on Android before BackTrack, Ubuntu or Debian Repositories. Making from source isn't viable when you are often working against the clock. BT5, being Ubuntu based, is a full desktop environment and it takes a lot of work to trim the fat. If you are talking about BT5 on an x86 laptop then the next point is amplified

        Battery: Battery Life is likely much better on the Nexus than a cheap laptop. For reconnaissance, one may need to keep the device powered for hours or even days. Many cafes and bars will offer charging stations. Finding a power point on the other hand can be challenging, especially if one is trying to keep a low profile

        Support: While the community-driven support for BT5 (and Linux in general) is great, it is unlikely they can offer support for the particular device you are on (in a timely manner at least). Got an issue with this device, check the forums or get Live Chat Support

        Crunching: Modern ARM SoCs have great number crunching ability, especially those found on mobile devices as there is a focus on graphics ability and not on economy

        All my pentesting is done from either an x86 desktop (in a vehicle) or my Galaxy SIII. I find that laptops continually under-perform and have too many trade-offs. I only use them when the conditions require that I must.

        • by Cederic (9623)

          Far more interestingly: If they can do this on an Android tablet, they can do it on an Android phone. That's even more discreet, and quite probably just as usable.

        • by chispito (1870390)
          You don't type much while you're pentesting?
          • You don't type much while you're pentesting?

            I use my desktop for preparation, execution and monitoring while the mobile device is normally taped under someone's desk, left charging at the lobby cafe or simply in lost property depending on the assignment

            I prefer security and IT to be unaware that the audit will be performed, as they would be in a malicious attack.

    • Re:I'd buy one (Score:4, Informative)

      by drinkypoo (153816) on Saturday February 23, 2013 @08:44AM (#42988605)

      I'd make my own Pwnie plug instead.

      The software ought to run on the standard Pogoplug, which is $20.

    • A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.

      Rooting is inadequate for anything other than basic sniffing and WEP-cracking.

      On these devices, the bastardized Wi-Fi drivers are compiled into the kernel which is stored in ROM. In order to do any kind of packet injection, deauth attack or to use monitor mode, a custom kernel hence a custom ROM will be required. For those with a locked bootloader, that will be yet another step.

      • I was about to say the ROM. Hand held tools such as these are welcome to me. Everyday things like finding a bad NIC. If it makes your life easier.
  • by Anonymous Coward

    The king of mobile pentesting is the N900. Aircrack-ng has been working for ages, even with packet injection if you can find the patched drivers. Metasploit also runs, as do tools like dsniff and ettercap.

    • Pwnie express is selling one of those, too. And it even seems to come with a copy of my very own BackupMenu, so it's easy to restore if it breaks etc.
