When Chinese web developer “SexyCyborg” began watching industry favourite TV show Mr Robot, she became enthralled with hacking and testing tools.
Taking her existing IT skills as a base, she began researching information security and penetration testing. As her knowledge grew, so too did her inquisitiveness.
Wondering how she might use her new-found skills to penetrate a corporate facility, her first thought was social engineering.
Describing herself as “a natural honeypot” – another of her inventions, the LED miniskirt certainly attracts attention to her physique – she had no doubts about her ability to gain an invite into just about any office, but wondered how she would sneak a bag or phone past security.
Given her penchant for revealing clothing, she was left with few options for hiding away her pen testing tools or “other payloads”, until she hit upon the idea of using her shoes.
In a photo-laden post (it’s somewhat titillating so you may want to exercise some discretion when opening), she demonstrates the results – a 3D-printed pair of high heels she named “Wu Ying Shoes! – Penetration Testing Platform Heels!”
Named after folk hero Wong Fei Hung’s famous “shadowless kick,” the custom footwear sports a concealed compartment in each shoe, featuring a drawer that can be accessed even without having to take them off.
Secreted away in the right shoe, there is enough space in which to store a wireless router (complete with rechargeable battery), running the easily installed OpenWRT framework. In a carefully worded explanation, SexyCyborg described what could potentially be run on such a router:
This router may-or-may-not be running a custom version of Wispi for the TP-Link TL-MR10U, because if it was it would probably be illegal in China, so maybe it's not. But if it was I could run Jasager/Karma which lets you fake being a friendly/known wifi access point and set up a fake login page to capture passwords, among other cool tricks.
Hidden in a drawer in the left shoe are more tools of the trade, including a USB keystroke logger, retractable ethernet cable for the OpenWRT router, a shim for prising padlocks open and lockpicks.
Despite packing such an interesting collection of tools, SexyCyborg guesses no-one would notice her footwear:
With my shadowless shoes I distract the target with my...upper body and they don't see the real danger on my feet:-)
The enterprising hacker has made her size 8 3D-printer blueprints available for download, though we would point out that “going equipped” may not be the brightest of ideas in some jurisdictions. As SexyCyborg says herself:
Wispi and Pentest drop boxes should, of course, only be experimented with at home for educational purposes. While it's good to know about this stuff, always obey your local laws.
While I don’t expect to see such a fashionable hacking utility in mass production any time soon, the ease and cunning with which such tools can be hidden and used for warwalking – a more sedentary form of Wi-Fi analysis than the warbiking demonstrated by James Lyne when he cycled around London three years ago – should act as a timely reminder to not only always be on your guard, but to consider the encryption used on your networks.
Image of pen-test heels courtesy of SexyCyborg.