404 Tech Support

Mysterious power strip show up at your office? Could be a hacking device

Picture this scenario: A box arrives at the office from Amazon or an office supply store. It’s addressed to the department manager. They open up the box and find a power strip inside, with an invoice – fully paid. The manager doesn’t remember ordering it but there’s been a lot going on. He asks around if anybody needed a power strip and somebody volunteers because they could not plug their fan in without it. The manager thinks that must have been why he ordered it and the staff is happy that they got the equipment.

The staff member goes back to their desk and plugs everything in. Little do they know, they have just opened a hole to the entire network. The device is called Power Pwn, a product from Pwnie Express for penetration testing.

Another scenario could just have a penetration tester getting into the building somehow (e.g. as a custodian, a job interview, or on a tour) and plugs in the device and connects everything up, leaving it inconspicuously ready for use under an abandoned desk.

The Power Pwn builds on the more suspicious looking Pwn Plug with a more disguising look and a lot more features.

With the device on the inside, the security researcher could snoop on the whole network remotely with a lot of tools ready and waiting at their fingertips.

The scary thing is that most people wouldn’t think twice about the power strip showing up if it was packaged convincingly enough. After that, the victims would do the work for the hacker by plugging it in.

This convincing tool is available for pre-order currently with an estimated delivery of September 30th. The price for such a rig: $1,295.00 USD. You can see more pictures and the product documentation from the product page on PwnieExpress.com. Just in time for Black Hat and DEF CON information security conferences.

(via Forbes)