Raspberry Pi NOW = SpyPi

The place for what's new and going on in the tech, innovation, and science world.

Raspberry Pi NOW = SpyPi

Postby DaFoxx » Mon Apr 29, 2013 2:17 pm

http://www.zdnet.com/raspberry-pi-power ... 000012747/

didn't take long for some to corrupt this from a learning tool to a POC hack attack vector, by building them INTO docking stations :shock:
The credit card sized Raspberry Pi board - the $35 machine praised for encouraging kids to learn programming - has been used to build a proof-of-concept eavesdropping device to highlight the threat of snooping devices implanted in laptop docking stations.

The 'Spy-Pi' was built by security researchers from NCC Group to demonstrate how an implant inside a docking station could be used to capture network traffic, as well as keystrokes and audio and video, from attached laptops.

Spy-Pi was built using a Raspberry Pi running a Linux OS, with an additional USB sound card, Ethernet adapter and a 3G/HSPA modem to aid in data capture and retrieval.

The assembled platform fits inside the casing of many types of laptop docking stations, researchers say, as shown below. Power is unlikely to be a problem for the implant, the paper claims, as it could be tapped from the dock's DC power input.

"Laptop docking stations are widely used in organisations, often in hot-desking environments," NCC Group research director Andy Davis writes in the report, presented at the recent Black Hat 2013 conference in Amsterdam.

"However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop, often some that aren't and they are permanently connected to a power supply. But most importantly, they are considered to be trusted, 'dumb' devices – the perception is that they just connect all the ports on your laptop to the ports in the dock."
Beware of Geeks bearing GIF's :mrgreen:
User avatar
DaFoxx
DaBOSS
 
Posts: 8479
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: Raspberry Pi NOW = SpyPi

Postby rapier57 » Mon Apr 29, 2013 4:56 pm

The SpyPi is a bit large and obvious. There are much smaller, more discreet devices to connect to docking stations for spying purposes. They usually are never discovered until someone actually checks what is connected to the dock and asks the local tech: "Hey, what's this?" When I was doing contract for a large, international aerospace firm not long ago, I never used the docking station provided. Just plugged in power and network cable.

Still, yeah, kids stuff being used in bad ways. Most of our tech follows a similar use path, doesn't it?
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: Raspberry Pi NOW = SpyPi

Postby Aspman » Thu May 02, 2013 8:58 pm

Go look up 'Teensy'. I saw it demoed as a way to bypass USB endpoint control last month.
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)
User avatar
Aspman
Frustrated Mad Scientist
 
Posts: 8872
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland


Return to Tech News Zone

Who is online

Users browsing this forum: No registered users and 11 guests

cron