[Noisebridge-discuss] Security implications of plug computers

Christie Dudley longobord at gmail.com
Tue Mar 1 05:32:04 UTC 2011 

I met someone at RSA who is putting together these plugs for pen testers:
http://pwnieexpress.com/
They make one version that has 3G so you don't even need to be able to get
out if you can get it in.

<http://pwnieexpress.com/>Christie
_______
We feel the pain of suffering not because we are weak, but because we are
strong.



On Mon, Feb 28, 2011 at 2:05 PM, Dr. Jesus <j at hug.gs> wrote:

> Cute.  I'll bet you could add a LTE dongle and then the plug would
> have a faster pipe than the site itself :)
>
> On Mon, Feb 28, 2011 at 1:45 PM, Andrew Cantino <cantino at gmail.com> wrote:
> > Good reply, thanks Dr. Jesus.  There's also
> > http://pwnieexpress.com/pwnplug3g.html
> >
> > On Mon, Feb 28, 2011 at 11:46 AM, Dr. Jesus <j at hug.gs> wrote:
> >> On Mon, Feb 28, 2011 at 9:41 AM, Andrew Cantino <cantino at gmail.com>
> wrote:
> >>> I just wrote an article about how plug computers are a big potential
> >>> security problem.  What do you think?  Have any of you played with a
> >>> SheevaPlug yet?
> >>>
> >>>
> http://blog.andrewcantino.com/post/3565673304/why-plug-computers-are-a-security-nightmare
> >>
> >> At least you can get datasheets and source code for the firmware.  Can
> >> you say the same for your phone's radio processor or SIM?
> >>
> >> A few points: the wireless parts being used in the plug computers are
> >> all hard MAC, so they don't do sniffing or injection out of the box.
> >> You can also load the OLPC thinfirm package on them to get raw
> >> injection/capture but it's just not stable.  You're right that it's
> >> possible to add some USB wireless interfaces, but then it becomes much
> >> less inconspicuous.
> >>
> >> Sure, they're cheap platforms with lots of fast I/O options, but
> >> attackers continue to have access to options which involve $0 of
> >> hardware.  I'm a lot more worried about those problems than I'm
> >> worried about someone being able to physically install hardware in a
> >> controlled area.
> >>
> >
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20110228/2ed7d80e/attachment-0002.html>

More information about the Noisebridge-discuss mailing list