
DARPA-funded 'Power Pwn' could change security testing on corporate networks

A surge protector approaching £1,000 sounds like something you'd pick up from Monster Cable. If only you were so lucky, however.

The pricey protector's actually called the "Power Pwn" and, as the name implies, there's a bit more than meets the eye about this otherwise innocuous-looking device.

As first reported by Wired, this DARPA-sponsored device (that's the Defense Advanced Research Projects Agency) has been launched through the agency's Cyber Fast Track programme – designed to spearhead research into commercially viable cyber-defence projects that would otherwise never see the light of day because of their complexity, their cost, or the bandwidth required to work on them.

So what's the Power Pwn do? In a nutshell, it's a "fully-integrated enterprise-class penetration testing platform," as reads the description on manufacturer Pwnie Express' website.

With built-in Bluetooth and Wi-Fi adapters, as well as dual-Ethernet ports and fully-functional 120/240v outlets (to lend further credibility to the otherwise nefarious device), the multi-function hacking tool allows employees to perform comprehensive security testing of a corporate network via a (seemingly) easy-to-use Web interface.

Power Pwn users can even send commands to the device via SMS message. According to McMillan, some have even been using their digital assistants – namely, Apple's Siri software – to help them out with the testing.

"Basically, they are able to speak pen-testing commands into their phone," said Dave Porcello, Pwnie Express CEO, in an interview with Wired.

Since the Power Pwn's Bluetooth capabilities are of the high-gain variety (up to 1,000 feet, claims Pwnie Express), the device could even be used to ensure that employees are nowhere near the device at key moments of the day – all it takes is a simple scan for their mobile devices, assuming their Bluetooth capabilities are fired up.

Even better, the sheer existence of the device can be enough to start some corporate conversations around network security that might not have happened pre-Power Pwn.

"It's actually a really great security awareness tool because we can talk about things in theory," said Tyco's Jason Malley, of the company's security and compliance department, in an interview with Wired. "When you pull the thing out and say it's not theory, it definitely helps and you notice things."