They're not trying to fool anyone by saying that they've made a magical new product. It's straightforward software, as a service, in a can.
Then there is dealing with the mindset that a cheap approach to security is not going to be as good; it's not an area people like to cut corners.
The power brick approach is an improvement but still makes the following assumptions:
* location of network ports is at floor level hidden under desks
* power and network cable colours match
* an employee won't disconnect a seemingly useless box when they need to charge their phone
* port security is not in use
A replacement "trojan horse" computer or printer that has been modified externally is a stealthier approach. Such devices have a reason for being connected to a power source and the network and do not raise suspicion (especially if the replacements are soiled and have worn asset stickers attached). Local IT staff will ensure the devices have network connectivity and will likely assume (in the case of a computer) that suspicious network traffic is the result of a virus.
Failing that full-blown approach, even a "signal booster" could be a better disguise. An average person will think of their analogue TV and radio signal boosters. Further disguise can be added by soiling the devices, attaching asset stickers and stickers for a matching fake brand name and fake website where suspicious users can have their fears alleviated. The website has the added benefit of alerting the attacker that their device has been potentially compromised.
I like the idea of a signal booster. That is actually a great idea for disguising these things. I've seen these things before and figured it would be best to just run the Ethernet behind a printer or something and hope that people don't notice it was still continuing on past the device, but your idea is even better. Everyone complains on some level about their Internet, just install the 'signal booster' to give them a stronger connection. ;-)
Brilliant!
Somebody, out there... Hack that shit up, and post your details online for free, and make some $ like the PwnPlug for a pre-made option...
So! That's what the big boy spies are using... Normal universal laptop chargers... Switched with people's normal one...
Oh, snap... There goes your corporate VPN protection...
;-)
I was part way through setting it up to spoof as an Active Directory backup (or primary auth server) before we had the plug pulled.
Did two real pentests with it. Went back to the client with a list of 90% of their passwords and hundreds of web account authentication details (shopping sites, email, Amazon, Slashdot, etc.).
I'd love to build one again today. Battery powered and a lot smaller than what is seen in that Ars article. They would be so cheap that it wouldn't be worth retrieving - just letting them run for a week and being able to reverse shell into it to control it.
Hacking an Android phone would be good for this. Remove the screen and get 10+ days of battery life of just the OS running (remove Bluetooth, etc.). Package it as something that looks innocent or place it under carpet or in a void space in a wall.
Does your $100 include 3G hardware? Or is it included in the $80 price tag that you mentioned in a different post downthread?
Does your Pelican case look as innocuous as this thing does plugged into the wall at XYZ Corp?
Do you think you could mod a vanilla OpenWrt installation to do the NAC/802.1x/RADIUS bypass in two hours?
Do you already have a reliable/repeatable process to get through basic corporate IPS/FW and get a reverse shell? Can you rattle it off the top of your head right now? If not, it's going to be tough to implement in two hours...
There have been cases of cleaners putting dongle keyloggers on bank PCs too: http://www.theregister.co.uk/2005/04/13/sumitomu_bank/
Miniaturization will only get better, of course.