Header Ads

The Pwn Phone by Pwnie Express on Mr.Robot a "Dream Device For Pentester" is a Real Thing

Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls.

Viewers may have noticed the show's protagonist Elliot Alderson executing a complicated hack with the help of a device called a Pwn Phone. Now, hackers and Mr. Robot diehards can imitate their favorite revolutionary by getting one of their own.

Security pros have long know about the Pwn Phone as a powerful mobile platform for penetration testing and security assessments, so it is not surprising to see it on Mr. Robot. 

The coolest part is that Pwnie Express is giving away a Pwn Phone, just like the one used in the show.


The Pwn Phone is a real-life product made by a Boston-based startup called Pwnie Express. The "dream device for hackers" allows users to check if there are any vulnerabilities in wired, wireless, or Bluetooth networks, and it looks like a regular cell phone. If you have a spare $1,095 sitting around, you can buy one here.


In the 8/31 episode of Mr. Robot, Elliot uses a Pwn Phone as a mobile platform to run a custom script he has written, CrackSIM.  CrackSim’s goal is to find vulnerable SIM cards and then cracking the DES encryption of that card.  Elliot then loads a malicious payload onto the SIM card, to Pwn the phone.


The Pwn Phone is a mobile pentesting device that makes it incredibly easy to evaluate wired, wireless and Bluetooth networks. It is built on Kali Linux that comes pre-packaged with over 100 built-in and ‘one-click’ tools, and it can run third-party scripts.

The Pwn Pad exists for security pros who want a tablet version, and it’s also available via the Android Open Pwn Project.


The Pwn Phone is the latest in a series of connected device hacks on Mr. Robot that have included a Femtocell, a Raspberry Pi, and Bluetooth sniffers, along with the hack of an E-Corp exec’s connected home and the crucial meltdown of E-Corp’s data center by using a connected HVAC system.


These are real threats that are being exploited by criminals to gain unauthorized access and steal data from companies today.


The company's CEO Paul Paget talked to Mashable about the device.

"A lot of times if you’re trying to audit something and checking the facility, everybody gets a little suspicious," he explained. "This is like sending mystery shoppers around the store or what you see in Undercover Boss."


In the past, Pwnie has made it clear that they do not condone the criminal use of penetration testing tools and devices. But pentesting is important, and having the tools to do it properly is part of that process.

Sometimes you need to break things to find and fix serious security vulnerabilities in the devices and networks that permeate nearly every facet of our daily lives. The bad guys have every tool available to them; white hats should be equally well-equipped.



 

No comments

blogmytuts. Powered by Blogger.