Neopwn, the World's First Pentesting Mobile Phone

Posted by timothy
from the data-rate-plan dept.
thefanboy writes "What do you get when you cross BackTrack Linux apps with a mobile phone? This is the first ever publicly available mobile phone running a full custom Linux network auditing distribution, and it runs it surprisingly well. One can literally go from phone to pwn in 2 seconds. Based off of the Openmoko Neo Freerunner, many steps have been taken to compensate for the lack of a QWERTY keyboard with automation scripts, dialogs, and a point-and-pwn menu. It runs applications such as Metasploit and the Aircrack suite quite well, especially given the fact that it supports a wide array of USB WLAN cards."
This discussion has been archived. No new comments can be posted.

  • by ttlgDaveh (798546) on Sunday September 21, 2008 @02:09PM (#25094737) Homepage
    'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 year olds which, in turn, pretty much makes me dismiss it.
    • by couchslug (175151) on Sunday September 21, 2008 @02:22PM (#25094907)

      "'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 year olds which, in turn, pretty much makes me dismiss it."

      Even if it is accompanied by trendy, fresh terms like "Neo" ???

      • Even if it is accompanied by trendy, fresh terms like "Neo" ???

        I don't know about fresh, but the term is definitely new.

    • Re: (Score:3, Insightful)

      by m50d (797211)
      Try and remember how you were when you were 13. I've noticed a strong tendency for annoying 13 year olds to write damn good code. They're idealistic, trying to prove themselves, and don't have anything better to do; dealing with a little language silliness is a small price to pay.

      Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.

      • I second the motion
      • by cbreaker (561297) on Sunday September 21, 2008 @02:35PM (#25095065) Journal

        "Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies."

        Then you'd be stupid.

        Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people to do that - in the OSS world or corporate world (or as often is the case, a mix of the two.)

        Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

        It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

          Ummm, no. You forgot the pr0n. Lots & lots of pr0n.

          It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

          Probably because you got pwned.

        • by m50d (797211) on Sunday September 21, 2008 @03:35PM (#25095769) Homepage Journal
          Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people to do that - in the OSS world or corporate world (or as often is the case, a mix of the two.)

          No it doesn't. Any piece of software actually large enough to need a team (which is a far far smaller number than the number which are generally written by team) should be separated into smaller components. A single good coder beats a team - of any size - every time; I've lost count of the number of times I've seen a kid write a superior replacement for something that took a major corp. six months in one 36-hour shot.

          Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

          95% of everything is shit. Yes, a lot of 13 year olds are doing shit, but they aren't the ones who are writing and releasing code.

          It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

          You'd be surprised how many of those "kiddies" are actually in their 20s or worse.

        • Don't let them ruin your game. Ruin theirs first. It's so much more fun!

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.

        I don't trust a 13 year old kid to wash my car, let alone do something like write software for me. Wait until they've gone to school and got a bit of experience doing actual work, and then we'll talk.

      • Uhhh, I don't know how everyone else was when they were 13, but when I was 13 I was watching cartoons and letting people think I was good at computers because I understood most of the settings on the computer. I didn't touch code until very late high school. If I did when I was 13 I think it would have been unmaintainable garbage.

        I also frequently used the term "pwn" in my shitty online videogames.

        Well actually, as a testament to my nerdiness, I thought it meant "pawn" first. As in, someone's so awesome t

      • by hobbit (5915)

        Nah. I was way better at coding when I was 15 than when I was 13 ;)

      • by Khomar (529552)

        I think the problem here is the definition of "good". While it might be inventive or very efficient, it will probably not be very readable or maintainable. Thirteen year old programmers aren't thinking about commenting, portability, planning for future changes, etc. Experience counts for an awful lot because you know how to avoid the pitfalls that will surprise the novice programmer. Version 1.0 will look great. But creating 2.0 could be a nightmare, and only the original coder will have a chance of pu

    • Re: (Score:3, Funny)

      I know. Any company that can't use the proper 0wn3d or cl0wn3d isn't getting my business.
    • by MrMista_B (891430)

      You're old.

  • with a protesting mobile phone?

  • Now, you might disagree with me, but I think this officially means that the NSA and other government agencies (I'm looking at you Alaska) need to work extra hard to ensure their networks are locked down good.

    Point and click becomes point and own? Maybe not that easy, but All your AP are belong to us is going to happen soon enough. One thing that Linux and F/OSS definitely does do; puts real software and OS in the hands of those that the NSA would rather not need to worry about.

    I see a rather large police st

  • Good god, I generally consider myself on top of technology but this summary seems to be written in another language, and not just 1337sp33k....
  • Place your bets (Score:5, Insightful)

    by cmacb (547347) on Sunday September 21, 2008 @02:35PM (#25095063) Homepage Journal

    Will the reaction to such devices be to strengthen the security of our cellular networks, or to simply outlaw such devices?

    Hmmmm, ponder, ponder, ponder.

    My money is on the latter.

    • It's OK for "Serious" people with the maturity to not abuse any holes they find. But putting a point-and-click level device in the hands of irresponsible people is in itself irresponsible.
    • This will be the single biggest justification that Apple and other locked down mobile device vendors will use against projects like OpenMoko. I mean, do they really have to distribute metasploit with it?

      I understand the thrill of walking around with convenient access to script kiddie^W^Wpenetration testing tools wherever you go and are, really, I do. Business treats you bad? Take over^W^Wpwn their network. Girlfriend breaks up with you? Upload a picture of your penis as her background. Okay, so let me b

  • by David Gerard (12369) <slashdot@NospAm.davidgerard.co.uk> on Sunday September 21, 2008 @02:43PM (#25095175) Homepage

    The anti-iPhone: the Linux telephone that operates entirely from the command line! The Ultimate One-Dimensional Desktop! [today.com] What can't you do with a bash prompt?

    (The v2 version will, of course, run Emacs and be programmed entirely in eLisp written on the fly.)

    • Do you really need to link to your own Fake News blog in every post you make...? Your homepage already links to it, and your .sig already links to it. Seems a little excessive.

    • by kwabbles (259554)

      The v2 version will, of course, run Emacs

      So it has the 32gb flash memory then? Badass.

      • You forget, emacs once (jokingly) stood for "Eight Megs and Constantly Swapping." You know how much memory emacs uses today? Eight megs. Now find an app that does everything that emacs can in less than ten times that much memory.
        • by kwabbles (259554)

          You know how much memory emacs uses today? Eight megs. Now find an app that does everything that emacs can in less than ten times that much memory.

          I think you mean the text manual for emacs takes up eight megs.

    • by watice (1347709)

      The anti-iPhone: the Linux telephone that operates entirely from the command line! The Ultimate One-Dimensional Desktop! [today.com] What can't you do with a bash prompt?

      (The v2 version will, of course, run Emacs and be programmed entirely in eLisp written on the fly.)

      looks cool but waaaaaaay too expensive. I'll stick to my first gen iphone, a wifi signal, and metasploit and i'm just as happy.

  • "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

    Evidently they can't save their own site from being pwned.

  • the source code..

    Can't see a link for it. Unless they are waiting until they start shipping to put it up..

    or maybe it's for customers only.

  • Wow, not even a single post and already a 503...
  • by galaad2 (847861)

    in between a ton of 503 http replies (slashdotting in progress) i have managed to browse all those pages (F5 FTW!) and i have NOT seen a link to download the software itself or even the source code and not even a promise of future availability.

    Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.

    On their page at http://www.neopwn.com/software.php [neopwn.com] i know tha

    • by smoker2 (750216)

      Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.

      Since they haven't distributed anything yet, that is libel. Not to mention they don't have to distribute source to everybody, just with the devices. And you don't know what's on the backup DVD.

    • Re:GPL Violations (Score:4, Informative)

      by schon (31600) on Sunday September 21, 2008 @05:23PM (#25096823)

      on their site the cheapest option is $80... with a SD card and dvd thrown in but again no source code download available...

      It didn't occur to you that the source code of the GPL'ed components could be on the DVD or SD card?

      What on earth makes you think that they have to provide downloads of their software?

      • Let's check I'm not misunderstanding you. They supply the software on DVD and SD card to people who purchase it. There's no need for downloads, you say.

        What of the 'any third party' requirements of the GPL: that source code improvements on any GPL-licensed work must be conveyed to any third party who requests it? So they might send out DVDs, but I'd assume that it's cheaper to pay bandwidth on an online repository than to make up DVD images every time their repositories update.

        • That "any third party" requirement only kicks in if they DON'T supply the source code with the software. If they do supply it to anyone who gets the software, they're well within their rights to tell the original complainer to buy it or shut up.
          • I've just checked and you're right. Is that not a loophole in the spirit of the GPL: sell GPL'd software as the only place to get your particular improvements?

            (But once it's escaped your clutches it's Free Software -- whether by US-style first-sale or EU-style exhaustion of rights -- and you can't stop someone to whom it has been conveyed from making it available for download. That's what CentOS do for RHEL.)

            • I don't think it's really a loophole. I think it's more intended to be easy on people for whom the requirement to offer it to *anyone* for three years would be too much of a pain in the ass. After all, they would have to keep the last three years' worth of versions handy. Not that this is an insurmountable requirement: lots of people do it. But for a company who's not specializing in distributing anything over the web, it's probably easier just to send the source code with the binary code.

              And as you said
  • by Bizzeh (851225)

    all that effort put into getting a story onto slashdot, and it doesn't even tell you what it actually does.

    • by rundgren (550942)

      and it doesn't even tell you what it actually does.

      Yes it does: "We have gone great lengths in making the NeoPwn user friendly when it comes to performing many of the necessary tasks in automating system controls and penetration tests." That means it does systems control and penetration testing. And of course it's a phone as well.

  • OMG! This ain't no Poniez. Is the full-on Backtrack CD (just google backtrack for the link). Most users know it on either Live-CD or USB-stick boot-up form. I don't know of any manufacturers until now, that offer it pre-installed, tweaked, and (semi?) supported.

    You think it's news when Dell pre-loads Ubuntu on a laptop? In certain circles, this is *much* bigger news. It makes auditing one's own network a much more routine task, because this is a handy little wifi tool! Even *with* a live CD or USB stick,
  • by Anonymous Coward

    I'll try it out the next time I go "penetration testing" in "places where being promiscuous and undetected is essential."

  • Debian runs very well on my openmoko and it's not that hard to use the commandline with rasterman's keyboard. The screen has excellent resolution so reading the terminal works really well.

    This device makes things dandy for people who want an easy way to test their network. Scriptkiddies will love them too but that's just fine. The script kids are the ones who force better security through. The alternative is to be hacked all day by corps and govts and never knowing about it.

  • It would be funny...if it was 1991.

  • No monitor mode (Score:3, Interesting)

    by oddeirik (970950) on Monday September 22, 2008 @07:06AM (#25101751)

    or packet injection with the built-in wifi module:

    "Note that the current firmware limitations of the internal wireless does not allow for monitor mode nor packet injection. An external USB WLAN is required for this type of operation."

    I like how an external adapter can be an option, but as of now it's a requirement. This sort of ruins the image of this being "a powerful discreet network auditing tool for the penetration tester", at least for me.
    (They do mention that it's the current firmware limiting this, but there's nothing about if and when they'll "fix" this)

  • Seriously, though... (Score:3, Interesting)

    by Simon Brooke (45012) <stillyet@googlemail.com> on Monday September 22, 2008 @08:38AM (#25102393) Homepage Journal

    This looks like the quickest way to get open source phones banned off every network that you can imagine. So it looks like a big fat juicy own goal, to me.

  • umm what (Score:3, Insightful)

    by poot_rootbeer (188613) on Monday September 22, 2008 @10:01AM (#25103413)

    Neopwn ... Pentesting ... BackTrack ... pwn ... Openmoko Neo Freerunner ... Metasploit ... Aircrack

    Can anyone point me in the direction of an article-to-English dictionary?

    • neopwn - the name of the project
      pentesting - penetration testing is running scans to find security holes in a network
      backtrack - backtrack is a linux distro that comes with all the tools to do so
      pwn - slang corruption of "own" - another way of saying taking over a machine
      openmoko - is a version of linux for running on mobile phones such as...
      neo freerunner - is the name for the physical phone
      metasploit - is a software tool for scanning/running exploits
      aircrack - is a software tool for cracking wep keys and

  • the article's title is so misleading. immunity's silica, although not cheap has been out for years. http://www.immunityinc.com/products-silica.shtml [immunityinc.com]
