Just after the start of this year, our penetration test team received a PwnPad 2014 to augment their wireless testing services. The Pwn Pad 2014 is a customised tablet from Pwnie Express aimed at Penetration Testers. Its hardware specification is similar to what you would find on a Google Nexus 7, but features a custom ROM that has been packed with a modified Kali Linux back-end and includes essential tools such as Metasploit, SET, Kismet and the Aircrack suite. It also ships with several interesting accessories such as a USB Bluetooth adaptor and an additional high-gain wireless interface.
The core concept behind the Pwn Pad 2014 is that it provides a Penetration Tester with a mobile environment that is not only easier to carry around than a 17” mobile workstation, but that also attracts less attention. Media continually promotes an unrealistic image of today’s hackers as using laptop or desktop computers (not to mention a ski mask). The reality is that with a device such as the Pwn Pad 2014, it has the capability to deploy the same attacks as a penetration tester and can be kept in someone’s pocket whilst wandering around a company’s perimeter, scanning for insecure wireless networks.
“Using the tablet made the testing considerably easier”
Previously when conducting a wireless survey at a Premiership football ground, we spent two days carrying a laptop around the ground trying not to drop the laptop or collide with people or furniture. When using the Pwn Pad 2014 at our next location, we were able to conduct the survey without the concern of dropping the workstation or bumping into hazards. Using the tablet made the testing considerably easier. The Pwn Pad 2014 comes with the Aircrack suite pre-installed and the external wireless card can be mounted right on the case making it really easy to carry with one hand.
“This device is not for those with a non-technical background”
Whilst the Pwn Pad 2014 has its many advantages (well-built device, that has more capabilities than what is initially presented), we found that the out-of-the-box functionality is slightly limited and the lack of a physical keyboard makes typing difficult. Most of these issues can easily be resolved by writing your own scripts, but it is safe to note that this device is not for those with a non-technical background.
In conclusion, the Pwn Pad can provide a Penetration Tester with an effective and discreet mobile security testing environment. Essentially, the Pwn Pad 2014 provides the same functionality of a mobile workstation without the compromising the portability.
Find out more about the Pwn Pad 2014 >>
As a CREST member company, IT Governance offers a range of penetration testing packages to help look for areas of weakness within your IT systems. Learn more about our penetration testing services here.