The $1,295 Nexus 5-based Pwn Phone from Pwnie Express is an Android device that can do a lot of evil in order to do some good, Ars Technica reports. The device, which runs a custom Android 4.4 KitKat ROM filled with tons of potentially malicious tools, can be easily operated remotely by security personnel and was designed for network-related security purposes.
“What we’ve done is taken Android 4.4 KitKat and recompiled the kernel,” Pwnie Express’ Kevin Reilly said. “On the backend, it runs our own derivative of Kali Linux, called Pwnix. Essentially it’s running a full-blown Debian OS on the back-end of Android.“
The Pwn Phone contains 103 network monitoring and attack tools preloaded, with 26 of them ready to be launched by touch directly from the device’s home screen – some of them actually require just a touch to execute. The Pwn Phone also comes with USB host support, meaning that it can use external USB adaptors for Wi-Fi, Bluetooth and Ethernet on top of its preloaded wireless connectivity options in order to further extend its range.
“One of those ‘one-touch’ penetration testing tools is EvilAP, a tool for creating a ‘malicious’ Wi-Fi access point that can detect and respond to the Wi-Fi probe requests sent by devices as they look for previously used wireless access points,” Ars Technica explains. “EvilAP can use the phone’s wireless broadband connection or another network to then pass through network requests while the phone’s user launches other attacks on the traffic. (These can include SSL Strip ‘man-in-the-middle’ attacks against secure Web sessions.)”
Other tools that can be used to monitor a wireless network include “the network mapping tool Nmap; Strings Watch (a tool that watches for text within packets); the Tshark and Tcpdump packet analysis tools; the Metasploit and dSploit penetration testing toolkits; and the Kismet and Airodump wireless network monitoring tools.”
Furthermore, the device can be operated remotely by security personnel, in order to analyze the security of a company’s network, and includes a restore to factory settings option that can wipe the device in case it’s discovered, including the data it can collect in its 32GB of storage.
A tablet version of the Pwn Phone, aptly called Pwn Pad, runs Jelly Bean, is based on the Nexus 7 and costs $1,095.