Rogue Device Spotlight: MiniPwner
How often the rogue device is used in the wild to conduct real-world attacks, with 1 being the rarest, 10 being widely used.
While not possessing the cachet of the Pineapple, the MiniPwner is still a “brand name device” of the InfoSec world. It is built on fairly common hardware and is easy to acquire.
The cost or “DYI burden” of the device, availability (ease of acquisition), and degree of skill necessary to deploy/operate the device, with 1 being expensive/difficult to build, not publicly available, and requiring deep technical expertise to operate, 10 being low-cost, available for purchase online, plug-and-play operation.
The MiniPwner can be either purchased or built, meaning that acquiring one is fairly simple. However, the device is not built for beginners: with little thought given to simplicity or ease of use, only intermediate to advanced operators can use the tool effectively.
The potential damage caused by successful execution of the attack, with 1 being exposure of trivial information from the target, 10 being organization-wide superuser-level compromise or equivalent.
Slow and difficult to use, the MiniPwner’s battery power gives it the biggest boost in this category - with a time of almost five hours and no setup, it is considerably easier to hide than most devices in the category.
Originally created in 2012 by security researcher Kevin Bong, the MiniPwner leverages the incredibly flexible OpenWRT project to turn cheap consumer wireless routers into highly capable penetration testing devices. The initial iteration of the project was little more than stock OpenWRT running on the immensely popular TPLink MR703N, but that was enough to get the ball rolling, and the project has been steadily evolving since.
The current version of the MiniPwner project is maintained by Michael Vieau and runs on the TPLink MR3040, an enhanced variation of the MR703N which features an internal battery.
MiniPwner Hardware Specifications
- CPU: Atheros AR7240 @ 400 MHz
- RAM: 32 MB
- ROM: 4 MB
- OS: OpenWRT
- I/O: Ethernet, USB, Serial
- Radios: Atheros AR9331 802.11 b/g/n
- Storage: USB Flash Drive (16 GB included)
MiniPwner Notable Features
The TPLink MR3040 router that MiniPwner is currently being developed for is especially well suited to mobile security work thanks to its integrated 2000mAh battery; a feature uncommon to even purpose-built penetration testing devices. The battery is recharged whenever the MR3040 is connected via USB, and is estimated to last for over 5 hours during continuous wireless and wired use.
The MR3040 also features a physical switch which can be configured from within the MiniPwner web interface to run user-configured scripts known as MiniModes, not unlike the boot mode selection on the Hak5 WiFi Pineapple Mk V. In terms of its availability, the MiniPwner is unique in that it’s primarily a DIY project with optional sales of completed kits intended to help fund development. While users can purchase a MiniPwner directly from the developer, they can also download a current MiniPwner snapshot and apply it to their own MR3040 router with no loss in functionality or support.
The open source and community-driven nature of the MiniPwner project, combined with the very low cost of the hardware required, makes this a particularly appealing platform. For less than $50, an individual can have a completely self-contained mobile penetration testing device that runs the large majority of common Linux security tools.
On the other hand, the MiniPwner assumes a fairly strong working knowledge of those tools and Linux in general. There is little consideration given to automation or other user friendly enhancements in the MiniPwner software; an inexperienced operator could just as easily brick their own MiniPwner and launch an attack against a target.