didn't take long for some to corrupt this from a learning tool to a POC hack attack vector, by building them INTO docking stations
The credit card sized Raspberry Pi board - the $35 machine praised for encouraging kids to learn programming - has been used to build a proof-of-concept eavesdropping device to highlight the threat of snooping devices implanted in laptop docking stations.
The 'Spy-Pi' was built by security researchers from NCC Group to demonstrate how an implant inside a docking station could be used to capture network traffic, as well as keystrokes and audio and video, from attached laptops.
Spy-Pi was built using a Raspberry Pi running a Linux OS, with an additional USB sound card, Ethernet adapter and a 3G/HSPA modem to aid in data capture and retrieval.
The assembled platform fits inside the casing of many types of laptop docking stations, researchers say, as shown below. Power is unlikely to be a problem for the implant, the paper claims, as it could be tapped from the dock's DC power input.
"Laptop docking stations are widely used in organisations, often in hot-desking environments," NCC Group research director Andy Davis writes in the report, presented at the recent Black Hat 2013 conference in Amsterdam.
"However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop, often some that aren't and they are permanently connected to a power supply. But most importantly, they are considered to be trusted, 'dumb' devices – the perception is that they just connect all the ports on your laptop to the ports in the dock."
