Six weeks ago, I wrote about the challenges of controlling data ingress and egress on a normal business network and offered a frightening scenario based on the possibility of creating an all-but-undetectable back door in a network firewall with the use of common technologies. As if that weren't enough to worry about, it seems that evil could also be lurking in the nearest power strip.
A company called Pwnie Express is making waves with a new product called the Power Pwn, and it's clear that this is all at once a very clever, very simple, and very sinister concept. For a vast majority of the corporate networks in existence right now, the clandestine use of this product would all but guarantee a successful and undetectable network penetration. Further, the intruder could conceivably continue to operate undetected for years.
[ Get expert networking how-to advice from InfoWorld's Networking Deep Dive PDF special report and Technology: Networking newsletter. | Learn how to secure your systems with InfoWorld's Security Central newsletter. ]
Not so long ago, we were worried about unknown devices on the network and developed tools to combat this in a number of ways. Port security, 802.1x authentication, rogue AP detection, and so on allowed us some peace of mind. We could be confident there were no spies on the wires and that all the devices connected to the corporate network had a good reason to be there. These days, spurred largely by the proliferation of high-speed cellular data networks, devices like the Power Pwn are able to bypass a significant number of those guardposts and usher bad actors into our networks.
Everywhere we go, from meetings to the bank to the grocery store, we see unattended network ports. Many may lack an active switchport on the other side, but an awful lot will have access. It takes but a minute to drop something like the Power Pwn in place, perhaps in a shipping dock area or even in a waiting room, and have a remotely accessible device present on the target network. The Power Pwn evades NAC and 802.1x authentication, creates reverse SSH tunnels through Wi-Fi, 3G, or the wired network, and can even be controlled via SMS text messages. It's essentially a guaranteed pathway into a network unless it's physically detected, or the operator gets heavy-handed and triggers internal network monitoring alarms -- alarms that would have to be very delicately tuned to detect this intruder in many cases.
Not even network administrators look twice at power strips and UPSes. This one might appear odd at first due to the RJ-45 jacks and the USB port, but many power strips and UPSes have Ethernet surge suppressors built-in, and the USB port could ostensibly be a control port of some type. This isn't a Wi-Fi AP that someone tucks above a ceiling tile; this is a functional power strip that could sit underneath a secretary's desk forever without ever being noticed.
The Power Pwn doesn't really break new ground in terms of functionality -- it's just a power strip with an embedded Debian Linux box, after all -- but its capability, camouflage, and commercial availability lower the barrier to entry in virtually every respect: cost, deployment, and skills. This should be worrisome to network security folks the world over.