Mini-machine roundup

There’s a lot of interesting work being done in the realm of small computing, some specifically aimed at security, and other projects that can be adapted to multiple purposes.

Pwnie Express Pwn Plug

Seriously cool little device. If you can get one plugged into a target network, you’ve got the holy grail of penetration testing: your own personal backdoor into the network. It’s loaded with tools to discover and exploit vulnerabilities, and there are even 3G models available, so you can communicate with them from anywhere (provided you’ve paid your wireless bill).

WiFi Pineapple

Not as fully functional as the Pwn Plug, but at a fraction of the cost this is a neat little box that can expose machines with vulnerable WiFi configs. It made a bit of a splash at SXSW by hijacking some visitors’ connections and redirecting them to the “Nyan Cat” video meme. This particular functionality is achieved through a tool called Karma. When a machine is set to automatically connect to a Wi-Fi network, it will send out requests looking for that particular SSID. Karma reads those requests, then broadcasts that it is the network that they are looking for. This only works for open networks, which is a good reason to always enable WPA2 or stronger protection on your wireless. (WEP passwords are easily cracked, so WEP should be avoided.)
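The behaviour described above leaves a recognisable trace for a defender: one access point answering probe requests for many unrelated SSIDs. The sketch below is an added example (not code from this post or from Karma itself); the frame tuples, the function name and the threshold of three SSIDs are assumptions, and the sample capture is constructed.

```python
from collections import defaultdict

# Constructed sample: (frame_type, transmitter MAC, SSID) tuples, in the shape
# a monitor-mode capture might be exported to. All values are made up.
SAMPLE_FRAMES = [
    ("probe_req",  "aa:aa:aa:00:00:01", "HomeNet"),
    ("probe_resp", "de:ad:be:ef:00:01", "HomeNet"),
    ("probe_req",  "aa:aa:aa:00:00:02", "CoffeeShop"),
    ("probe_resp", "de:ad:be:ef:00:01", "CoffeeShop"),
    ("probe_req",  "aa:aa:aa:00:00:03", "Airport_Free"),
    ("probe_resp", "de:ad:be:ef:00:01", "Airport_Free"),
    ("beacon",     "11:22:33:44:55:66", "OfficeWiFi"),
    ("probe_req",  "aa:aa:aa:00:00:04", "OfficeWiFi"),
    ("probe_resp", "11:22:33:44:55:66", "OfficeWiFi"),
    ("probe_req",  "aa:aa:aa:00:00:05", ""),  # wildcard probe, no SSID named
]


def find_karma_suspects(frames, threshold=3):
    """Return {bssid: sorted SSIDs} for access points that answered directed
    probe requests for at least `threshold` distinct SSIDs.

    The threshold is an assumed tuning value: a legitimate AP normally
    answers for the one network it serves, while a Karma-style responder
    claims to be whatever each client asked for.
    """
    probed = set()                 # SSIDs that some client has asked for
    answered = defaultdict(set)    # bssid -> SSIDs it claimed in responses
    for frame_type, mac, ssid in frames:
        if not ssid:
            continue               # wildcard probes name no network
        if frame_type == "probe_req":
            probed.add(ssid)
        elif frame_type == "probe_resp" and ssid in probed:
            answered[mac].add(ssid)
    return {mac: sorted(ssids)
            for mac, ssids in answered.items()
            if len(ssids) >= threshold}


if __name__ == "__main__":
    for bssid, ssids in find_karma_suspects(SAMPLE_FRAMES).items():
        print(f"{bssid} answered probes for {len(ssids)} SSIDs: {ssids}")
```

On a real network the threshold needs tuning, since some enterprise access points legitimately serve several SSIDs from related BSSIDs.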

Raspberry Pi

Conceived as a low-cost ($25-$35) computer to teach programming, the Raspberry Pi is a touch larger than a credit card and runs a basic Linux installation.   It doesn’t include wireless networking, but it can be added with a dongle.  A little bit of customization can turn one of these into a poor man’s Pwn Plug.  Since it is a full-fledged (albeit low-powered) computer, it can really be customized to do anything.  There are bound to be some great things built off of this platform in the near future.

