Darpa Funds Hack Machine You’d Never Notice

55 points by alister almost 13 years ago

5 comments

Shank almost 13 years ago
I suppose it's a neat concept, though I still don't get why you'd use this over another means if you already have building physical access.

Assuming you're pentesting, either you're trying to get someone to willingly plug it in (to ethernet and all power stuff too?), have physical access yourself (in which case why not use something cheaper), or are already allowed in (why add another device?)
jbuzbee almost 13 years ago
Anyone else think that device is a disaster waiting to happen? The example shows sending a "whoami" command to the device via SMS, and then the device responds "root" via SMS. Uh, what's to keep someone else from hijacking it via SMS for their own purposes? A "bad guy" would have to figure out that there's one on the network, but it would still concern me to have a remote-controlled device on the network that's open to arbitrary SMS-sent commands.
greenyoda almost 13 years ago
"If you saw this bad boy under your desk, would you say anything?"

Well, at this point, wouldn't anyone who has read this article be suspicious of a power strip under their desk that wasn't there yesterday and maybe even had nothing plugged into it?
miahi almost 13 years ago
Why would you trust hardware you are not really sure you control (do you know all the backdoors and bugs in that thing?) and knowingly give it access to your networks? It's already a hacking power tool, it only needs the hacker.
ktizo almost 13 years ago
So, Darpa is providing remotely accessible hacking devices to companies as test equipment and encouraging them to install them in sensitive locations of their buildings. Is this some advanced form of comedy security trolling on the part of Darpa? Like an "If you install this, then you have failed the test already", kind of thing.