
Mobile phone or penetration tool?

By Jake Edge
September 24, 2008

The NeoPwn is a pocket-sized network penetration tool based on Linux and free software. The form factor should be familiar to anyone who has paid attention to the Linux mobile phone market, as NeoPwn is based on the OpenMoko Neo FreeRunner. When the device starts shipping, users will be able to do network monitoring and penetration testing from an unobtrusive platform—then call home with it.

NeoPwn comes with an impressive array of free software security tools, including things like Metasploit, Aircrack-ng, WifiZoo, Wireshark, and many others. They all run on top of a customized Linux 2.6.24 kernel—sources to be released when the hardware ships, which is scheduled for October 1—from the microSD flash module. A full Debian distribution is included on a flash filesystem that has been optimized for performance and size.

The company behind NeoPwn has also created a GUI for the system that handles hardware control as well as attack automation. The interface is meant to reduce the need for using the command line for the most common types of attacks. Using the tools, Wired Equivalent Privacy (WEP) keys can be cracked in 5 to 14 minutes depending on whether the network has clients connected or not. The NeoPwn is not set up to crack Wi-Fi Protected Access (WPA) keys on the device itself, but it can capture the handshake for use by programs on more powerful systems.

There are several different options for purchasing the NeoPwn—all of them rather pricey. The basic model is $699 for the phone (normally $399), software, and some useful accessories. One can also just purchase the software on a 2GB microSD card for $79. The website has a prominent warning that might deter some, however: "Please be advised that if you do not choose a complete system, you will have to program the phone's bootloader manually for the correct microSD bootloader entry, to the NAND memory. This can be dangerous if you do not know what you are doing!"

The standard FreeRunner Wifi has firmware limitations that will not allow monitoring or packet injection—pretty important capabilities for a network security tool—so various USB Wifi cards come with the NeoPwn. Also, since a custom kernel is used, one cannot make phone calls and do penetration testing at the same time. At boot time, one must choose between the two modes. Even with those limitations, the FreeRunner seems like an excellent choice as a platform.

For those puzzled by the name, "pwn" is used for the word "own" in the "leetspeak" used by many in the security community—both white and black hat. Breaking into and controlling a network or system is then "pwning" it. NeoPwn is not alone in using the term. Metasploit author H D Moore's iPwn Mobile makes UMPC-based penetration testing devices.

Both the NeoPwn and iPwn Mobile's Infiltrator look like useful devices for those needing an off-the-shelf solution, but because they are based on free software, the core capabilities are available to those with a lower budget. By showing what can be done with open mobile phones like the FreeRunner, NeoPwn is doing a great service for both OpenMoko and the free software community. Undoubtedly various malicious folks will get their hands on devices like this, so it is important that security researchers and professionals have access to them as well.



Mobile phone or satellite TV tuner?

Posted Oct 2, 2008 19:42 UTC (Thu) by leoc (subscriber, #39773)

I found another interesting offshoot of the OpenMoko project the other day. It's a phone that can receive satellite audio and video broadcasts and is built by the Canadian communications research council.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.