Monday, 1 September 2014

Filled Under: ,

Google’s Android Reborn as Network-Hacking Kit


The Pwn Pad Photo: AmanAhad
The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it’s a full-fledged hacking toolkit built atop Google’s Android operating system.
Pwnie Express will be selling the cool-looking hack machines — based on Google’s Nexus 7 tablets — for $795. They’ll be introduced at the RSA security conference in San Francisco next week, but Pwnie Express is also releasing the Pwn Pad source code, meaning that hackers can download the software and get it up and running on other types of Android phones and tablets.
Some important hacking tools have already been ported to Android, but Pwnie Express says that they’ve added some new ones. Most importantly, this is the first time that they’ve been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device.
“Every pen tester we know has a phone and a tablet and a laptop, but none of them has been able to do pen-testing from the tablet,” says Dave Porcello, Pwnie Express’s CEO.
The trick here is that Android’s streamlined version of the Linux operating system does not support the kernel-level wireless features that these tools need to mess around with the data on wireless networks (something known as packet injection).
Pwnie Express solved the problem by getting a TP-Link wireless adapter to support packet injection on Android. (It’s the white device with an antenna that’s plugged into the Android phone in the picture, above.) This may be a little more cumbersome than hacking the wireless chip that Android ships with, but the TP-Link’s antenna give it perhaps 10 times the range, Porcello says.
A year ago, we introduced you to the Pwn Plug, another Pwnie Express product. It’s a little white box used by security testers and administrators to open back doors to corporate networks. There’s also the Pwn Plug, a version of the tool that looks like a regular old power strip. And Pwnie Express already sells a pen-testing phone, but it’s based on an aging Nokia phone that runs Linux, not Android.
Pwnie Express thinks that the Pwn Pad will be popular with security pros who will want to have fun and impress clients by whipping out a brand-new tablet and showing how they can identify a slew of security problems with just a few taps.
It’s easier to use, more portable and frankly, “just slicker” than doing this with a laptop, says Porcello. “Our customers are geeks and they love the latest stuff.”
So will there be an iPad version of the Pwn Pad? Don’t bank on it.
That’s because the kind of kernel-level modifications that Pwnie Express needs to do to make the tablets run their software would not sit well with Apple, which doesn’t like it when developers jailbreak or otherwise mess with their IOS software. “I even called them and said we’d like to purchase 10,000 iPads, but we’d need to modify it slightly,” Porcello says.
Apple said “no.”