Pwnie Express Open Sources Tools to Lock Down IoT/Android Security

by Ostatic Staff - Jul. 29, 2016

Pwnie Express isn't a name that everyone is familiar with, but in the security arena the company has a good reputation for its wired and wireless threat detection technologies. Now, the Boston-based firm has announced plans to open source key tools that it has used to secure the Internet of Things (IoT) and Android software.

Blue Hydra is a Bluetooth utility that can detect Bluetooth devices, and also work as a sniffer to query devices it detects for threats. Meanwhile, the Android Open Pwn Project (AOPP), is an Android ROM built for security testers. It's based on the Android Open Source Project (AOSP) and community-developed ROMS -- one of which is CyanogenMod. It lets developers on the Android front sniff out threats on mobile platforms. 

According to the company:

"With the release of Blue Hydra, Pwnie Express has provided the open source community with a new, easy to use tool to discover Bluetooth-enabled devices and automatically identify threats associated with those systems. Bluetooth is the leading machine-to-machine (M2M) communication protocol fueling the rapid expansion of devices, including IoT. Bluetooth detection is critical for effective device threat detection and must cover both Low Energy (LE) and Classic Bluetooth standards. Blue Hydra has also been integrated into Pwnie's monitoring platform, Pulse, to provide continuous Bluetooth visibility and threat detection for security teams and will be the topic of a talk at the DEF CON conference in Las Vegas.

The Android Open Pwn Project (AOPP) is the first Android ROM purpose built for penetration testing. This fully open sourced project gives users the ability to build their own mobile penetration testing platforms, based on the industry-leading Pwn Phone and Pwn Pad, on almost any Android-based device from Kindles to mobile phones."

 "Pwnie Express' roots are in the open source community," said Rick Farina, Pwnie Express Director of R&D, and co-inventor of Blue Hydra. "Developing and releasing open source tools reinforces our commitment to give back to the security community and make it easier for security teams to address the growing device threat landscape. These tools will help security professionals with Bluetooth visibility, which is key to effective device threat detection in our increasingly connected and IoT world."

"Bluetooth, both LE and Classic, is a rapidly expanding protocol and detection capabilities are an absolute necessity in the enterprise to ensure security is not being compromised via the Internet of Things," said Paul Asadoorian, CEO, Security Weekly. "These two projects reflect Pwnie's ongoing commitment to open source, helping the security community and their continued investment in security research."

You can find out more about these tools here:

Blog post about Blue Hydra

Blog post about AOPP