The NeoPwn is
a pocket-sized network penetration tool based on Linux and free software.
The form factor should be familiar to anyone that has paid attention to
the Linux mobile phone market as NeoPwn is based on the OpenMoko Neo
FreeRunner. When the device starts shipping, users will be able to do
network monitoring and penetration testing from an unobtrusive
platform—then call home with it.
NeoPwn comes with an impressive array of free software security
tools, including things like Metasploit, Aircrack-ng, WifiZoo, Wireshark, and many others. They all
run on top of a customized Linux 2.6.24 kernel—sources to be released
when the hardware ships, which is scheduled for October 1—from the
microSD flash module. A full Debian distribution is included on a flash
filesystem that has been
optimized for performance and size.
The company behind NeoPwn has also created a GUI interface to the system for
hardware control as well as attack automation. The interface is meant to
reduce the need for using the command line for the most common types of attacks.
Using the tools, Wired Equivalent Privacy (WEP) keys can be cracked in 5 to
14 minutes depending on whether the network has clients connected or not.
The NeoPwn is not set up to crack Wifi Protected Access (WPA) keys on the
device itself, but it can capture the handshake for use by programs on more
There are several different options for purchasing the
NeoPwn—all of them
rather pricey. The basic model is $699 for the phone (normally $399),
software, and some useful accessories. One can also just purchase the
software on a 2GB microSD card for $79. The website has a prominent
warning that might deter some, however: "Please be advised that if
you do not
choose a complete system, you will have to program the phone's bootloader
manually for the correct microSD bootloader entry, to the NAND memory. This
can be dangerous if you do not know what you are doing!"
The standard FreeRunner Wifi has firmware limitations that will not allow
monitoring or packet injection—pretty important capabilities for a
network security tool—so various USB Wifi cards come with the NeoPwn.
Also, since a custom kernel is used, one cannot make phone calls and do
penetration testing at the same time. At boot time, one must choose
between the two modes. Even with those limitations, the FreeRunner seems
like an excellent choice as a platform.
For those puzzled by the name, "pwn" is used for the word "own" in the "leetspeak" used by many
in the security community—both white and black hat. Breaking into
and controlling a network or system is then "pwning" it. NeoPwn is not
alone in using the term. Metasploit
author H D Moore's iPwn Mobile
makes UMPC-based penetration testing devices.
Both the NeoPwn and iPwn Mobile's Infiltrator look like useful
devices for those needing an off-the-shelf solution, but because they are
based on free
software, the core capabilities are available to those with a lower budget.
By showing what can be done with open mobile phones like the FreeRunner,
NeoPwn is doing a great service for both OpenMoko and the free software
community. Undoubtedly various malicious folks will get their hands on
devices like this, so it is important that security researchers and
professionals have access to them as well.
to post comments)