Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls.
Pwn Phone On Mr. Robot Show
In this week’s episode, Elliot uses a Pwnie Express Pwn Phone, which he describes as “a dream device for pentester,” to run a custom script he has written to take over someone else’s phone.
Security pros have long know about the Pwn Phone as a powerful mobile platform for penetration testing and security assessments, so it is not surprising to see it on Mr. Robot.
The coolest part is that Pwnie Express is giving away a Pwn Phone, just like the one used in the show.
The Pwn Phone is a mobile pentesting device that makes it incredibly easy to evaluate wired, wireless and Bluetooth networks. It is built on Kali Linux that comes pre-packaged with over 100 built-in and ‘one-click’ tools, and it can run third-party scripts.
The Pwn Pad exists for security pros who want a tablet version, and it’s also available via the Android Open Pwn Project.
The Pwn Phone is the latest in a series of connected device hacks on Mr. Robot that have included a Femtocell, a Raspberry Pi, and Bluetooth sniffers, along with the hack of an E-Corp exec’s connected home and the crucial meltdown of E-Corp’s data center by using a connected HVAC system.
These are real threats that are being exploited by criminals to gain unauthorized access and steal data from companies today.
In the past, Pwnie has made it clear that they do not condone the criminal use of penetration testing tools and devices. But pentesting is important, and having the tools to do it properly is part of that process.
Sometimes you need to break things to find and fix serious security vulnerabilities in the devices and networks that permeate nearly every facet of our daily lives. The bad guys have every tool available to them; white hats should be equally well-equipped.
And as for what Elliot does in the show?
He’s a pretty well-established gray character. Is he good? Or is he bad?
Either way, it was pretty cool.