Pwnie at RSA: Press Roundup

The Pwnies had an incredible time at RSA and clearly the press picked up on that! Here’s a quick roundup of the major RSA press coverage on Pwnie:


Video Coverage:

eWeek: Pwnie Express Sets Its Sights on the Enterprise

Tenable Security: Adopt the “G.I. Joe Philosophy of Securing Rogue Devices”

This Week in Enterprise Tech 137: Interop Preview by TWiT

  • Hear about Pwnie at 7:50


News Coverage:

CSO Online: Report: Internet of Evil Things is Your Next Nightmare

InfoSecurity Magazine: Internet of Evil Things Lurks in Corporate Networks

Ars Technica: This machine catches stingrays: Pwnie Express demos cellular threat detector

IoT Evolution: Security Leaders Say Beware the Internet of Evil Things

Tech Target: Internet of Things Security Risks: Reality or Marketing Hype?

Help Net Security: Internet of Everything Attack Surface Grows

Tweak Town: The race is on to help develop cybersecurity for Internet of Things


Press Releases:

Pwn Pulse Selected as Product of the Year by InfoSecurity Products Guide

Industry Report: Internet of Evil Things – The New Security Threat Vector

Pwnie Express Unveils Industry’s First Internet of Everything Threat Detection System

New Call-to-action

The Further Democratization of Stingray

Schneier on Security

The Further Democratization of Stingray

April 27, 2015

By Bruce Schneier


Stingray is the code name for an IMSI-catcher, which is basically a fake cell phone tower sold by Harris Corporation to various law enforcement agencies. (It’s actually just one of a series of devices with fish names — Amberjack is another — but it’s the name used in the media.) What is basically does is trick nearby cell phones into connecting to it. Once that happens, the IMSI-catcher can collect identification and location information of the phones and, in some cases, eavesdrop on phone conversations, text messages, and web browsing.

The use of IMSI-catchers in the US used to be a massive police secret. The FBI is so scared of explaining this capability in public that the agency makes local police sign nondisclosure agreements before using the technique, and has instructed them to lie about their use of it in court. When it seemed possible that local police in Sarasota, Florida, might release documents about Stingray cell phone interception equipment to plaintiffs in civil rights litigation against them, federal marshals seizedthe documents. More recently, St. Louis police dropped a case rather than talk about the technology in court. And Baltimore police admitted using Stingray over 25,000 times.

The truth is that it’s no longer a massive police secret. We now know a lot about IMSI-catchers. And the US government does not have a monopoly over the use of IMSI-catchers. I wrote in Data and Goliath:

There are dozens of these devices scattered around Washington, DC, and the rest of the country run by who-knows-what government or organization. Criminal uses are next.

(Original Article)

This Week in Enterprise Tech 137: Interop Preview by TWiT

This Week in Tech

137: Interop Preview by TWiT

April 24, 2015

Hosts: Fr. Robert Ballecer, SJ, Curtis Franklin and Brian Chee

Comcast merger with Time Warner is dead in the water, Microsoft’s Cloud March Continues, The Netherland’s National High Tech Crime Unit snagged a large cache of keys, Pwnie Express has a solution for Stingrays, Dell goes after Cisco in the Data Center, Google goes “Google Fiber” on Wireless Carriers, Facebook and Twitter go after spammers and trolls, news from the RSA and more.

Download or subscribe to this show at

Thanks to Cachefly for the bandwidth for this show.

Running time: 1:02:11

(Watch the show here)

Pwnie Express Sets Its Sights on the Enterprise


Pwnie Express Sets Its Sights on the Enterprise

April 24, 2015

By Sean Michael Kerner


VIDEO: Paul Paget, CEO of Pwnie Express, explains how the popular penetration testing hardware vendor is set to grow.

SAN FRANCISCO–Pwnie Express is a company that is well-known in the security researcher community for its hardware-based penetration testing tools. Now, the company is positioning itself to go into the broader enterprise market as a product and services vendor that can help organizations find rogue devices and reduce the risk for attacks.In an interview with eWEEK at the RSA Conference here, Pwnie Express CEO Paul Paget detailed what his company is doing now and what the direction is for the future.


(Original Article and Video)


Adopt the “G.I. Joe Philosophy of Securing Rogue Devices”

Tenable Security

Adopt the “G.I. Joe Philosophy of Securing Rogue Devices”

April 24, 2015


The perception that you only need to monitor traffic that’s happening on your network is extremely limiting as customers are communicating “out of band” on many channels, such as Wi-Fi and Bluetooth, that you may not be monitoring, said Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express in our conversation at the 2015 RSA Conference in San Francisco.
There are tons of rogue devices hitting your network that you may not know about. Devices like a Wi-Fi access point, helicopter drone, networked lightbulb, or smart thermostat. These devices are accessing your network but aren’t visible through traditional internal network monitoring. “[Unbeknownst to you,] you’ve got employees who are for the best intentions putting in a wireless access point unencrypted in the conference room so that they can be better at work. They don’t realize that now an attacker can use that to pivot into their network and take that data out that never triggers an IDS system, that never triggers a firewall, and then all your data is gone,” warned Street. “These are all pivot points. These are all devices whose main intention is not to be malicious, but it can be turned very quickly into a malicious device from an attacker,” said Street. To learn more about how a rogue device could be used against you, check out Pwnie Express’ independent report, The Internet of Evil Things. “Many of these things come with no security capable, where you can’t lock it down if you wanted to. It’s just the awareness of it. Just like G.I. Joe, ‘Knowing is half the battle,’” Street said. What you need is a notification that someone put something on your network and you can combat it and respond to it, said Street. That’s a lot better of finding out weeks or months later from a breach report.

The race is on to help develop cybersecurity for Internet of Things

Tweak Town

The race is on to help develop cybersecurity for Internet of Things

April 23, 2015

By Michael Hatamoto


There are more than 16 billion connected computing devices in use across the world today, with even more Things expected to utilize the Internet of Things (IoT) in the future.

Cybersecurity experts are concerned about a large number of threats, with 83 percent worried about rogue or unauthorized devices operating undetected in their networks, according to a recent survey by Pwnie Express. To make matters even worse, 69 percent of cybersecurity professionals cannot access full wireless visibility of devices, so it’s difficult to identify what is actually connected.

As more companies and users embrace IoT, there is concern that the Internet of Evil Things (IoET) will find countless vulnerabilities to exploit in the future.

“This report underscores the need for increased visibility and actionable intelligence on all devices across the enterprise to enhance an organization’s ability to quickly identify and thwart an attack,” said Paul Paget, CEO of Pwnie Express. “It’s our hope that infosec professionals are empowered to mobilize and begin assessing their security systems’ readiness to defend business-critical infrastructure against the IoET threat.”

Focus on IoT is prevalent during RSA this year, as security vendors prepare to help businesses work on better securing their networks.

Pwn Pulse Selected as Product of the Year by Info Security Products Guide

Industry’s First Internet of Everything Threat Detection System Honored as Gold Winner in the 11th Annual 2015 Security Industry’s Global Excellence Award

BOSTON, MA–(Marketwired – Apr 22, 2015) –  RSA Conference 2015 — Pwnie Express, the world leader in remote security assessment, announced today that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named Pwn Pulse the Gold Winner of the 2015 Global Excellence Awards in its “Most Awesome Product and Service of the Year” category. Pwn Pulse is the industry’s first SaaS threat detection system designed to assess the Internet of Everything, including shadow IT and high-risk BYOx, vulnerable IoT devices, and purpose-built malicious hardware.

Pwn Pulse detects all devices on and in the vicinity of an organization’s premises, and automatically alerts security teams for rogue, unauthorized, and/or vulnerable devices on the wired, wireless and Bluetooth spectrum, across all physical locations. This provides enterprises with unprecedented visibility across their distributed remote and branch sites to quickly detect and deter attacks and mitigate the growing attack surface created by the emerging threat vector from the Internet of Everything.

More than 50 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2015 Global Excellence Awards finalists and winners. Winners were announced during the 11th annual awards dinner and presentation on April 20, 2015 in San Francisco, attended by finalists, judges and industry peers.

Info Security Products Guide’s recognition of Pwn Pulse further validates our product as excellence-in-class,” said Paul Paget, CEO, Pwnie Express. “This prominent industry accolade also highlights the critical need for increased visibility and actionable intelligence on all devices across the enterprise to enhance an organization’s ability to quickly identify and thwart an attack.”

About Info Security Products Guide
Info Security Products Guide sponsors leading conferences and expos worldwide and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research that facilitate in making the most pertinent security decisions. The Info Security Products Guide Awards recognize and honor excellence in all areas of information security. To learn more, visit and stay secured.

About Pwnie Express
Pwnie Express, the world leader in remote security assessment, enables organizations to detect and deter attacks in wireless environments and remote locations by mitigating the growing attack surface created by the emerging threat vector from the Internet of Everything (IoE), including high-risk BYOx, vulnerable IoT devices, and purpose-built malicious hardware. Pwnie Express provides continuous visibility throughout the wired/wireless/RF spectrum, across all physical locations including remote sites and branch offices, detecting “known-bad”, unauthorized, vulnerable, and suspicious devices. Thousands of organizations worldwide rely on Pwnie products for unprecedented insight into their distributed network infrastructures. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. It is headquartered in Boston, Massachusetts. To learn more, visit or @PwnieExpress.

This machine catches stingrays: Pwnie Express demos cellular threat detector

Ars Technica

This machine catches stingrays: Pwnie Express demos cellular threat detector

April 20, 2015

By Sean Gallagher
An exclusive first look at Pwnie’s new tool for catching cellular network attacks

A modified Pwn Pro sensor with cellular network monitoring capabilities on display at the RSA conference today.


At the RSA Conference in San Francisco today, the network penetration testing and monitoring tool company Pwnie Express will demonstrate its newest creation: a sensor that detects rogue cellular network transceivers, including “Stingray” devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users.

In an exclusive demonstration for Ars, Pwnie Express CTO Dave Porcello and Director of Research and Development Rick Farina showed off the company’s new cell network threat detection capabilities, which integrate into Pwnie’s Pulse security auditing service. The capability will give companies the ability to monitor cellular networks around them and detect anomalies caused by rogue cellular base stations, IMSI catchers, and devices used to extend cellular coverage into areas where it may not be authorized.

Of all the potential security threats to companies and individuals that have emerged over the past few years, perhaps the hardest to crack is rogue cellular base stations. Whether they’re used to attack the privacy of a cell phone user’s communications or as a backdoor out of places where cell phone usage is restricted, configuring unauthorized cell “towers” has become increasingly simple. It doesn’t necessarily even require law enforcement-grade hardware. Anyone with a HackRF card or other software-defined radio kit and open-source software can turn a laptop computer into a cellular network transceiver—or even a cellular jammer.


(Original Article)

Pwnie Express – Cell Network Threat Detection Announcement

The Cell Network: A Previously Invisible Attack Surface

Since its inception, the global cellular infrastructure has relied heavily on the luxury of “security through obscurity”. Historically, the specialized equipment required to monitor cellular network operation, much less interfere with its operation, has been generally unavailable and unlicensed outside the telecommunications industry.

But rapid advances in the field of low-cost software defined radio has made it possible to create unlicensed “rogue” cell networks with ease. As far back as 2010, security researcher Chris Paget demonstrated the ability to spoof a cell network using a standard laptop and a few hundred dollars in commercially-available hardware. These rogue networks are generally indistinguishable from legitimate cellular networks, fooling mobile devices into connecting and allowing transparent interception of cellular voice and data communications.

Rogue cellular networks are considerably more widespread in the United States than previously anticipated. Recent research by GSMK, creators of the CryptoPhone, uncovered a surprising number of rogue cellular networks operating in the Washington DC area alone. While most security professionals are well aware of this emerging threat, the lack of commercially-viable cellular monitoring tools leaves today’s enterprises defenseless, unable to detect and respond to these attacks.

“As the modern workforce increasingly migrates to 4G and LTE for the majority of their business communications,” says TrustedSec founder and industry expert David Kennedy, “the lack of any type of visibility on the cellular spectrum leaves today’s enterprises flying blind and away from traditional detection capabilities.”


The Pwnie Response: Cell Network Threat Detection

To answer this growing enterprise concern, Pwnie Express will be publicly demonstrating a live prototype for detecting cell network threats at the 2015 RSA conference. Currently slated for general availability to Pwn Pulse customers in Q3 2015, this capability will extend Pwnie Express’s award winning sensor technology to monitor an organization’s airspace for high-risk cellular activity in near real-time.

“By forgoing the need for expensive, specialized equipment, this will be the first practical cell network threat detection technology available in a turnkey commercial product”, says Pwnie Express founder & CTO Dave Porcello. This first-to-market capability will alert on a range of high-risk cell network threats, including malicious cellular base stations, unlicensed “rogue” cell networks, IMSI catchers (AKA “interceptors”), unauthorized microcells/femtocells, and even cell jammers – all of which spell a hostile environment for today’s mobile enterprise.

With cellular threat detection, Pwn Pulse will add yet another game-changing capability to its repertoire. By monitoring wired, WiFi, Bluetooth, and now cellular devices in near real-time, Pwn Pulse gives security professionals a comprehensive view of not only their own network, but the organic network of wireless hardware that exists inside and outside of their physical location. “I’m tremendously excited about this new capability”, says Porcello. “For the first time, enterprises and InfoSec professionals will finally gain some insight into the previously invisible world of cellular device threats.”

Security Leaders Say Beware the Internet of Evil Things

IoT Evolution

Security Leaders Say Beware the Internet of Evil Things

April 17, 2015

By Ken Briodagh


A new report released on April 15 by Pwnie Express, a remote security monitoring vendor, warns about the risks inherent in the so-called “Internet of Evil Things” (IoET) and defines the key factors and threats facing businesses today. It also offers a framework for a comprehensive defense against the IoET.

(Original Article)