RSA: The Pwn Pad is an Android Tablet-Based Penetration Tester (Video)

Video no longer available.

Last year Pwnie Express showed us their Stealthy Pen Test Unit that plugged directly into a 115 VAC wall outlet. This year at RSA they're proudly displaying their Pwn Pad, which is a highly-modified (and rooted) Nexus 7 tablet "which provides professionals an unprecedented ease of use in evaluating wired and wireless networks." They list its core features as Android OS 4.2 and Ubuntu 12.04; large screen, powerful battery; OSS-based pentester toolkit; and long range wireless packet injection. If you can't see the video (or want to read along) the transcript is below.

Oliver: Hi. My name is Oliver Wies, ‘Awk’ at Pwnie Express. I am a developer for different mobile pentesting platforms. This is the Pwn Pad, and I am going to give you a little demonstration and talk about it.

Tim: Please. Can you talk about the hardware first? What is it that you are holding?

Oliver: So this is a Google Nexus 7 tablet. It is running Android Jellybean 4.2.1. And then with a recompiled kernel to support packet injection and the Bluetooth stuff. And then underneath is a Ubuntu CH root environment with all the different security and hacker tools installed.

Tim: Now talk about what are some of those tools? What do you have installed?

Oliver: So, we have a wide range of cutting edge wireless tools installed on here, as well as the standard network tools. So, the wireless side, we’ve got the Aircrack-ng Suite, there’s Kismet Newcore, that also works with the Ubertooth. There’s Wi-Fi, which is frontend to Aircrack-ng for automation. There is Hostapd which is another that can be used for an Evil AP. There is the FreeRADIUS WPE stuff, Asleap, EAPeak. So there is a lot of capabilities of doing enterprise level wireless pentests. And then there is also some Bluetooth tools as well, Bluelog, Bluebugger, some basic, the Bluez Utils suite, and then the Ubertooth tools as well. And then on the network side, we’ve got Tshark, Tcpdump, SSLstrip, Dsniff, Ettercap-ng, the Social Engineering Toolkit, Metasploit, Easy Creds, and an OpenVAS vulnerability scanner.

Tim: Now the software under here is [Intensity]. It is open source, it’s well known, so talk about how it is different from somebody picking up a Nexus 7, like what it does take to make all these things work on this hardware?

Oliver: Well, a few months that is for sure. Basically, installing an Ubuntu CH root environment is pretty trivial these days on an Android device, granted you have enough space and you have rooted your device, so you have root access. But once you do that, in order to get these kind of devices working with it that you packet injection, you have to recompile the Android kernel to support those modes.

Tim: Why did you have to put on the Ubuntu environment at all?

Oliver: Because a lot of the standard tools won’t just run in Android. Android is Unix-based. But it doesn’t have a lot of the libraries and a lot of the tools that a full Ubuntu Linux has which is why we chose that.

Tim: And what kind of work went into actually making the tools work, once you had those big pieces on?

Oliver: Yeah, there are a lot of tools that are pretty standard in the Ubuntu repositories that you could apt get install but there are a lot of the latest cutting edge ones like Kismet and Ettercap-ng that you have to compile from source. Also some of the other wireless tools like MDK3. We put the latest version of Aircrack on there as well. A lot of the really cutting edge tools you just can’t find in the Ubuntu repositories, especially for ARM because this is ARM processors. So I ended up compiling them directly on the device itself.

Tim: Now we are at a security show and I presume you have been running this here at the show.

Oliver: Most of the time, yeah, we’ve been doing quite a bit of demos, just showing that things will connect, AT&T, Wi-Fi specifically, things will just connect to that automatically, and it is very easy to just show, I’m going to show you right here, that even though this isn’t doing anything evil except allowing people to connect, it will show that basically a lot of devices are just going to automatically connect to an open network when they see it. And it is also using Airbase, which is pretty aggressive. So you can start to see things connect.

Tim: So even at a show like this people are not as security conscious as maybe they should be?

Oliver: Even at a show like this. Yeah, you think that at a security show people would be conscious about turning their wireless off, but it’s not the case. Convenience, the convenience factor is always going to win in the end.

Tim: Now is this an outgrowth of the Pwnie Plug? The earlier product, the plug that was here last year? And that is still available?

Oliver: Yes. That is correct.

Tim: So how does this differ in what capabilities it offers?

Oliver: Well, this is really good for doing a wireless assessment; it looks really sleek, it is really easy to use, a lot of the tools that would take the time to sit down at the laptop and set them up, they are already pretty configured. You basically plug the adapter in and hit the icon and it goes. So you can very quickly assess the security of a wireless environment, you can see what a Bluetooth environment looks like, you can even attack the wired side, but it basically just takes a lot of the well-known tools that require a set up and make them easy and quick to use, and the shell as well, and of course, the plug doesn’t have a nice screen and a quad core processor.

Tim: Or a battery?

Oliver: Or the battery, yeah.

Tim: So you could I guess leave this and book shop for a while, and come back?

Oliver: Yeah, one of the tools is the reverse SSH shell, so you could leave this somewhere and have it connect to an SSH server somewhere else over the 3G network and then get into it, and start hacking wireless from there, so you just enter in your address in the port and then it will connect back and you can leave it.

Tim: So what does this cost? And what goes into that? For instance, I see you’ve got a different wireless card on here, can you talk in detail about what’s the wireless that you’ve got attached to the back there?

Oliver: Yeah, so this is a TP-link adapter. This is a unique card in that it supports a packet injection, monitor mode and wireless promiscuous mode, which lets you do sidejacking.

Tim: And how is it attached to the device?

Oliver: So this is just a standard OTG USB cable. One of the really nice things about Android devices is there is a lot of support for USB, so you can practically plug in any USB device and access it through Android. So flash drives, keyboards, mice, and now adapters with the kernel work that we’ve done. So this is like a long range wireless card. It also comes with a small Bluetooth adapter. It also comes with an USB Ethernet adapter, so that you could plug it into the wire. And the price on the product it also comes with this nice case with the Velcro. And the price point on it is $800 for the whole kit, but if you have a Nexus 7 the software will be available on our website to download, and you can get the adapter separately.

Tim: And the kernel work you’ve done, that all goes back upstream?

Oliver: Yeah, basically, we provide it to the community; all our stuff is open source so it is available.

Tim: And if someone didn’t want this, who are you competitors? I mean, you’ve got an open source portable thing?

Oliver: Yeah, I mean this is really the first time we have seen an Android device doing packet injection publicly that we know of. So it is hopefully the first of many, but it is kind of definitely a new thing.

Tim: And what kind of reaction have you gotten from people?

Oliver: People are psyched. People are really excited about it. The Pwn Phone was great, definitely a different piece, it was already running Linux, had an internal card that supported packet injection and monitor mode and this is kind of a whole new realm. So it’s really coming together.

Tim: And as a developer, where are you based, and how distributed is the company right now?

Oliver: We are based out of Vermont, and we started out as three people, and now we are about fifteen, and we are planning to continue expanding, and we will probably start popping up all over the place.

Tim: What should we look for next?

Oliver: Well, I think there will probably be another phone on the horizon soon. I mean this is our first tablet, but expect to see another phone soon.

Pwn Pad Passes Perl Philter Phor

[Anonymous Coward]

Duplicates [slashdot.org]

Nice Tablet

[jackb_guppy]

I good see the hardware/software is flexable - even in these days of walled gardens.

My wife just got me a TP adapter, so I now have a net project to look forward too.

Re:Not Really Revolutionary

[Lunix Nutcase]

They don't claim it's revolutionary. Also the integration and pre-configuration is very important to many people who would be interested in such a product. Much more so than your dimissive comment would make it seem. Sure, one could buy all the parts separately, recompile the kernel and all the software and put it tall together hemselves. On the other hand, most people's time is not worthless so the price is worth the fact that one can be up and running immediately.