The Pwnie Express webstore is closing down on 30 November 2019, and we will no longer stock the Bluetooth USB adapter and the USB-to-Ethernet adapter online.

If you would like to order Pwn Pulse, please visit https://www.pwnieexpress.com/pulse or contact us at info@pwnieexpress.com and +1 (630) 352 2283.

Pwnie Express: Beware the Internet of Evil Things

by Megan Ottolini

Threat detection specialists at Boston-based Pwnie Express have released their second annual list of “Internet of Evil Things.”

So what makes a connected device evil? CRNtv sat down with Pwnie Express’ product manager, Yolanda Smith, to discuss just that.

“What we are finding is that most people, as they’re going through their space and as new devices are coming into their environment – whether or not they’re on their network or just around their network – they’re coming into their environment in an uncertain state,” Smith said. “It could be vulnerable, it could be misconfigured, it could just be on when they don’t recognize that it’s on.”

(Original Article)

IoT Vulnerabilities Found in Nissan LEAF and in Wireless Keyboards, Mice

By Jeff Goldman

The MouseJack vulnerability and the security flaws in the LEAF are just the tip of the iceberg, according to a recent Pwnie Express survey.

Significant security flaws were recently uncovered in the Nissan LEAF electric car, and in the vast majority of wireless, non-Bluetooth keyboards and mice.

Security company Bastille uncovered the MouseJack vulnerability in wireless mice and keyboards, which it says could expose billions of PCs to remote exploitation. “MouseJack is essentially a door to the host computer,” Bastille engineer Marc Newlin, who discovered the flaw, said in a statement.

The vulnerability, which can be exploited using $15 worth of hardware from up to 100 feet away from the device, affects wireless keyboards and mice from manufacturers including Logitech, Dell and Lenovo. A full list of affected devices is here.

“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization’s network,” Bastille CTO and founder Chris Rouland said in a statement.

(Original Article)

Internet of Evil Things: The growing risks of connected devices

As risk and concern around connected Internet of Things (IoT) devices continues to grow, resources and visibility into such connected devices have stagnated despite the introduction of countless new entry points for malicious actors across the enterprise, according to Pwnie Express.

Internet of Evil

The survey of more than 400 global IT security professionals examines the growing phenomenon referred to as the Internet of Evil Things (IoET). As awareness of vulnerable devices grows in 2016, infosec professionals are not ready or equipped to address the growing threat.

(Original Article)

Printers on Default Settings Still Open Backdoors

Dan Raywood

February 24, 2015

InfoSecurity Magazine

Analysis of more than seven million wireless and wired devices by Pwnie Labs has found that wireless-enabled printers remain deployed in a potentially vulnerable default configuration.

The research found that 56% of wireless devices are HP printers, which can be used as a backdoor into private corporate networks. Wireless access points also remain vulnerable, with 35% of these showing weak or no encryption.

The analysis also found that Coolpad devices have overtaken Samsung as maker of devices accounting for the most prevalent vulnerable mobile hotspots, while HP Print has overtaken Xfinitywifi as the most common default open wireless network.

Paul Paget, CEO of Pwnie Express, said:

“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organization’s most sensitive information – and this has understandably put information security professionals on edge.”

In an email to Infosecurity, Alex Farrant, senior vulnerability researcher at Context Information Security, said:

“Wireless connectivity has been standard on devices of all shapes and sizes for a long time, but due to the simple fact that it’s invisible then it is also invisible on many organizations’ network diagrams which fools people into thinking they have a secure perimeter.

“Even if an organization takes proactive steps to disable wireless interfaces, we’ve seen these changes reverted automatically after firmware updates or the press of a local reset button. This is why continuous monitoring (or even better) careful procurement is necessary.”

Terry Ip, security consultant at MWR InfoSecurity, told Infosecurity that without thinking about security from the outset, it can be difficult to rectify any shortcomings in the initial setup without causing disruption to business operations.

“As a result, many organizations unwittingly choose to leave their devices in a vulnerable state to maintain functionality,” he said.

“Printers designed for a corporate environment will not only come with an administrative dashboard and additional functions (such as email alerting), but also have SNMP enabled by default with the public community string. Attempts to rectify this by disabling SNMP or configuring a more secure community string typically results in Windows users seeing the printer appear offline.”

“So it is not uncommon on internal penetration tests to see numerous printers with default passwords still configured. Other print features can cause problems too, such as access to file shares using a domain account for retrieving print jobs or storing scanned documents on the network. Insecure configuration of a printer with this ability or weak permissions on the share could provide a foothold for attackers on your network.”

A survey of more than 400 global IT security professionals found that 86% were concerned with connected device threats, while 55% had witnessed an attack via wireless devices, and 38% had witnessed an attack via mobile devices.

(Original Article)

Study Finds Growing Danger and Angst Associated with Internet of Evil Things, While Related Security Resources and Visibility into Connected Devices Stagnate

Assessment of 7 million connected devices pinpoints Coolpad devices as most frequently vulnerable mobile hotspots and HP Printers as source of dangerous backdoor

BOSTON, Mass. — February 24, 2016 — New industry research sponsored by Pwnie Express finds that as risk and concern around connected Internet of Things (IoT) devices continues to grow, resources and visibility into such connected devices have stagnated despite the introduction of countless new entry points for malicious actors across the enterprise.

The survey of more than 400 global IT security professionals examines the growing phenomenon referred to as the Internet of Evil Things (IoET) ™. “The Internet of Evil Things: Top Connected Device Threats 2016” shows that as awareness of vulnerable devices grows in 2016, information security (InfoSec) professionals are not ready or equipped to address the growing threat.

The Connected Device Problem

Today, 86 percent of InfoSec professionals are concerned with connected device threats, with 50 percent either “Very” or “Extremely Concerned.” The majority of InfoSec professionals (67 percent) are more worried about connected device threats than they were a year ago, with first-hand experience driving heightened concern: 55 percent have witnessed an attack via wireless device, and 38 percent have witnessed an attack via mobile device.

Due to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments, IT security professionals seeking visibility find themselves swimming in increasingly murky water, as 37 percent can’t even tell how many devices are connected to their networks. Additionally, 40 percent note their organization is “Unprepared” or “Not prepared at all” to find connected device threats. Diving deeper into the findings, the water seems to get even murkier:

 Most security professionals are not ready to monitor or detect less-common RF and off-network IoT Devices.

 Eighty-nine percent cannot see Bluetooth devices, and 87 percent cannot monitor 4G/LTE devices in real time.

 Seventy-one percent cannot monitor off-network WiFi devices in real time.

 Fifty-six percent cannot monitor on-network IoT devices in real time.

Subsequently, the vast majority (71 percent) is concerned with devices in a default, misconfigured, or vulnerable state, including devices with default passwords and “Wide-open” settings. Additionally, more than half (51 percent) are concerned about unauthorized mobile devices, access points and wearables. Corporate sponsored BYOD is also a source of concern (36 percent), as are personal 4G/LTE hotspots and broadband USB dongles (24 percent).

Vulnerable Device Findings: A Real-World Assessment of 7 Million Connected Devices

As part of this research initiative, Pwnie Labs, the research and development division at Pwnie Express, aggregated and analyzed more than 7 million wireless and wired devices detected by the SaaS-based Pwn Pulse platform, which enables broad-spectrum device visibility of BYOx/mobile, wireless, Bluetooth, wired, and other connected devices on and around enterprise networks, to identify the following year-over-year trends when comparing 2014 and 2015 data:

 Coolpad devices, at 30 percent, have overtaken Samsung as maker of devices accounting for the most prevalent vulnerable mobile hotspots.

 HP Print, at 56 percent, has overtaken Xfinitywifi as the most common default open wireless network.

 HP printers are the most prevalent wireless devices deployed in a highly vulnerable default configuration at 56 percent; while exposing confidential print jobs and compromising corporate client devices, these printers can be also used as a backdoor into private corporate networks.

 Wireless Access Points (APs) remain vulnerable: 35 percent of APs within the last six to 12 months show weak or no encryption.

“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organization’s most sensitive information – and this has understandably put information security professionals on edge,” said Paul Paget, CEO, Pwnie Express. “Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organizations admit to having no BYOD policy in place at all and only 24 percent actually have a budget in place for BYOD security technology. This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organizations face in our ever-evolving IoT world.”

To download a free copy of “The Internet of Evil Things: Top Connected Device Threats 2016,” please visit: http://info.pwnieexpress.com/2016-ioet-report. For questions or comments, please get in touch with us at research@pwnieexpress.com.

Methodology

“The Internet of Evil Things Report: Top Connected Device Threats in 2016” is based on an online study conducted by Pwnie Express in December 2015. Survey respondents included more than 400 global information security professionals. Additionally, the report includes aggregate analysis of 7 million wireless and wired devices detected by Pwn Pulse, performed by the Pwnie Labs research team.

About Pwnie Express

Pwnie Express provides threat detection of the billions of devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers. Pwnie arms your security team to win the BYOD battle with the ability to detect and fingerprint any device, from phone to thermostat, in order to prioritize your security response, reduce alert fatigue, and provide situational intelligence. See all the things you’re missing at pwnieexpress.com or @PwnieExpress.

(Original Posting)

Working towards a common set of IoT standards

Major industry leaders who are invested in the future of the Internet of Things announced they will unify as the Open Connectivity Foundation (OCF), an entity whose goal will be to help unify IoT standards so that companies and developers can create IoT solutions and devices that work seamlessly together.

The OCF will work towards unlocking the massive opportunity of the future global IoT segment, accelerate industry innovation and help all developers and companies create solutions that map to a single, open IoT interoperability specification.

With OCF specifications, protocols and open source projects, a wide range of consumer, enterprise and embedded devices and sensors from a variety of manufacturers can securely and seamlessly interact with one another.

“Unifying IoT standards will allow many startups and entrepreneurs to enter the market effectively. What is happening now reminds me of the early Internet days, when there were too many standards. Smaller companies were waiting to figure out which to rely on before building their services,” said Dr. Hossein Rahnama, founder of contextual mobile platform, Flybits…

(Original Article)

9 Ways to Secure Your Company and Stay on Budget

These days, the question is not, “Will we be hacked?” but “When will we be hacked?” or even “How long ago were we hacked?” The Identity Theft Resource Center (ITRC) reports that 781 recorded data breaches occurred in 2015, and the business sector represented about 40 percent of them. You know you must be vigilant and constantly implement and adapt your security posture to minimize risk and automate response. And, in many cases, you must do it all on a budget with insufficient resources.

“No matter how large or small your organization is, there are some key best practices that can enhance the resiliency of your infrastructure and help you maximize your resources,” says Jayson Street, an InfoSec ranger at Pwnie Express, a provider of real-time threat detection for wireless and wired devices.

“Imagine what you could do if your employees were fully trained on how to avoid threats, always used VPNs and actively changed their passwords? The training of people encompasses the first phase of the guidelines below, paving the way for the natural progression to phase two: strategic enablement of threat detection and visibility to effectively evaluate and mitigate risk. This must include physical visibility into who and what type of device has access to your company’s data. This knowledge is essential in implementing an effective layered security approach and stopping attackers before they get through the door.”

Here are nine ways to better secure your network without breaking your budget, courtesy of Jayson Street. See more at: http://www.baselinemag.com/security/slideshows/9-ways-to-secure-your-company-and-stay-on-budget.html

See Any Bluetooth Device with Pwnie Express

Pwnie Express’ Pwn Pulse Delivers Comprehensive Bluetooth Visibility and Protection

BOSTON, MA – (Marketwired – Feb 19, 2016) – By 2019, there will be an estimated 60 million Bluetooth-enabled devices in the open market, each of which will have the ability to influence their local environment. From Bluetooth-enabled Smart Thermostats to in-car communication systems, these devices provide a wealth of information about who we are, where we are, what we do, what we care about and how we spend money. Today, Pwnie Express introduced comprehensive Bluetooth visibility — helping IT security teams continuously detect any malicious device in pairing mode, as well as many devices that are already paired and communicating actively, which could be used to conduct criminal activity or put an organization at risk.

Until now, visibility of Bluetooth devices was limited to those configured in classic pairing mode. The Pwn Pulse SaaS Platform now enables users to see a more comprehensive picture of Bluetooth devices in the airspace, whether a new Bluetooth Low Energy (BLE) device or a Bluetooth Classic Device. Pwn Pulse provides comprehensive visibility and real-time reporting on discoverable and non-discoverable Bluetooth devices, giving IT security teams the granular device intelligence needed to prioritize tracking and security response, such as device type, MAC address, signal strength, etc. This expanded visibility allows organizations using Bluetooth devices to ensure device accountability for critical Bluetooth-enabled systems or confirm the presence of these common and often overlooked devices in sensitive or wireless-restricted environments.

On the ubiquity of Bluetooth devices, Paul Paget, CEO, Pwnie Express remarked, “Though consumers increasingly rely on Bluetooth-enabled devices for day-to-day tasks, many users still do not follow proper security best practices, such as turning off Bluetooth when the device is not being used. Compounding the problem, some devices automatically turn on Bluetooth without explicit user request, opening the door for malicious actors to eavesdrop on phone calls, execute Denial-of-Service attacks, track locations, and more. Additionally, our Labs Team has seen a rise in criminal activity using Bluetooth-enabled technology.”

Paget continued, “By providing the unprecedented ability to ‘see’ all Bluetooth devices in and around an enterprise network environment — whether they are discoverable or not — Pwn Pulse helps organizations mitigate risk through identification of potential attack vectors from the airspace.”

Pwn Pulse continuously monitors for the presence of all devices — from phones to drones — and provides real-time alerts and daily trend reports on the metrics that matter most. By seamlessly integrating with SIEM systems, Pwn Pulse gives you the ability to track alerts from a central location and find the devices posing threats to the organization. To learn more about Pwn Pulse, please visit here.


Pwnie Express Named Finalist in Info Security Products Guide’s 2016 Global Excellence Awards

Boston, MA – February 9, 2016 – Today, Info Security Products Guide, the industry’s chief information security research and advisory guide, has named the Pwn Pulse platform a finalist for the 2016 Global Excellence Awards in the “Best New Product or Service of the Year Category.” Pwn Pulse is the industry’s first SaaS solution designed to continuously detect both wireless and wired devices putting an organization’s workplace at risk, including high risk BYOx, shadow IT, and purpose-built malicious hardware.

Pwn Pulse is the only solution available today to allow for real-time wireless and wired device detection, helping enterprises stay ahead of the latest possible threats presented by everything from misconfigured phones, unauthorized Bluetooth-enabled devices, and open ports to drones and card skimmers. Pwn Pulse enables IT security teams to replace legacy, expensive, manual point-in-time assessments, while enhancing existing IT security tools, people, and workflow.

“We are honored to be recognized again this year as an industry leader by the Info Security Products Guide Global Excellence Awards,” said Paul Paget, CEO of Pwnie Express. “We are seeing increasing global demand for our Pwn Pulse SaaS platform – the first and only solution that detects rogue, misconfigured, and unauthorized devices across wired and wireless spectrums – and this recognition underlines the business-critical need for increased visibility and actionable insights on all devices across the enterprise to pinpoint and prevent attacks.”

The winners will be announced during the 12th annual awards dinner and presentation on February 29, 2016 in San Francisco.

To learn more about Pwn Pulse, please visit here.

 

About Info Security Products Guide Awards

SVUS Awards organized by Silicon Valley Communications are conferred in 10 annual award programs: The Info Security’s Global Excellence Awards, The IT Industry’s Hot Companies and Best Products Awards, The Golden Bridge Business and Innovation Awards, and Consumer World Awards, CEO World Awards, Customer Sales and Service World Awards, The Globee Fastest Growing Private Companies Awards, Women World Awards, PR World Awards, and Pillar Employee Recognitions World Awards. These premier awards honor organizations of all types and sizes from all over the world including the people, products, performance, PR and marketing. To learn more, visit www.svusawards.com

 

Media Contact
Scarlett O’Sullivan
scarlett@scratchmm.com
203.240.0462

 

(Original Press Release)
