Raspberry Pi As Hardware Backdoor

timothy posted about a year and a half ago | from the where-you-can-stick-it dept.

Security 76

An anonymous reader writes "NCC Group has released a new whitepaper at the Blackhat Europe conference on using a Raspberry PI as a hardware-based backdoor (PDF) in laptop docking stations. From the paper: 'The IT department is typically more concerned about someone stealing your laptop, so they'll ask you to secure your laptop with a Kensington-style lock, but not necessarily to secure the dock. This paper details how attackers can exploit the privileged position that laptop docking stations have within an environment. It will also describe the construction of a remotely controllable, covert hardware implant, but most importantly it will discuss some of the techniques that can be employed to detect such devices and mitigate the risks that they pose.'"

76 comments

Surprise!!! (5, Insightful)

bferrell (253291) | about a year and a half ago | (#43187997)

If you have physical access, you can do bad things. Is this really news or simply fear mongering?

Re:Surprise!!! (3, Insightful)

dreamchaser (49529) | about a year and a half ago | (#43188025)

You hit the nail on the head. It's just fear mongering and there is nothing new to see here.

Re:Surprise!!! (4, Interesting)

Garridan (597129) | about a year and a half ago | (#43188195)

Naw, the paper is a good read. Fun pictures, funnier security recommendations. I'd love to see the IT guy who goes around weighing people's docking stations. Poor sap would end up taking night shifts just to avoid the teasing.

Re:Surprise!!! (1)

Sulphur (1548251) | about a year and a half ago | (#43190669)

You hit the nail on the head. It's just fear mongering and there is nothing new to see here.

I find your lack of faith in the Fear disturbing.

Re:Surprise!!! (3, Insightful)

blackicye (760472) | about a year and a half ago | (#43188045)

This is similar to dropping a Sega Dreamcast into a network as an inexpensive hardware backdoor.

If your company has been physically compromised you probably need to start sweeping for bugs and bringing in the bomb sniffer dogs as well ;)

Re:Surprise!!! (1)

Sigg3.net (886486) | about a year and a half ago | (#43201785)

Yup. And at the same time many small-medium businesses run printers with web servers wholly unprotected.

Re:Surprise!!! (0)

Anonymous Coward | about a year and a half ago | (#43188061)

Does not matter, it uses the magic "raspberry pi" codeword.

Re:Surprise!!! (4, Informative)

gweihir (88907) | about a year and a half ago | (#43188227)

It is just a nice demonstration of something that has been known for a long time. As such, the _demonstration_ is news, but not the possibility itself.

I must say however, that the motto "freedom from doubt" on the paper is pure snake-oil, as IT security cannot achieve that and anybody that claims this is a liar. What IT security can do is reduce risks and make it harder for an attacker to get in. When the attacker has to spend more than the protected information is worth, you could say that you have "perfect security" or "freedom from doubt", but that does not happen in practice. The problem is that you cannot estimate the worth of your secret data to the attacker reliably. For example, your attackers may be fanatics (maybe even in the form of a fanatics-run nation state) and hence may be completely irrational and attribute value to the secret data or the successful break-in itself that is far beyond any rational estimates.

Re:Surprise!!! (0)

slick7 (1703596) | about a year and a half ago | (#43188339)

If you have physical access, you can do bad things. Is this really news or simply fear mongering?

Is a stolen laptop really stolen or is it a honey-pot waiting to be tasted? You make the call.
Just because I have lojack in my car ( or computer ) does not necessarily mean that I put lojack stickers on it. Let the bastards find out the hard way, when the cops come busting through the door. Thou shalt not steal.

Re:Surprise!!! (0)

Anonymous Coward | about a year and a half ago | (#43188545)

Is this really news or simply fear mongering?

Maybe they are playing the straight man for all the upcoming "shut your pi hole" jokes.

Re:Surprise!!! (0)

Anonymous Coward | about a year and a half ago | (#43189295)

It is a normal Slashdot-style article.

Re:Surprise!!! (0)

Anonymous Coward | about a year and a half ago | (#43193591)

If you have physical access, you can do bad things. Is this really news or simply fear mongering?

It's neither so much as it is an interesting look at one of the many applications of the Pi. Look at the PDF and read up on a Pi a little bit.

Raspberry pi nothing, printers are the real danger (5, Insightful)

Dwedit (232252) | about a year and a half ago | (#43188013)

Forget raspberry pi, the real danger is your printer. Printers can have their firmware upgraded by printing a special PDF file. They are networked devices. Once hacked, they can carry out attacks, act as backdoors, or even send a copy of everything printed to an attacker.

Re:Raspberry pi nothing, printers are the real dan (2)

gweihir (88907) | about a year and a half ago | (#43188239)

The problem is just that programming a Raspberry Pi is very easy, while programming a printer is pretty hard.

Re:Raspberry pi nothing, printers are the real dan (2)

BitterOak (537666) | about a year and a half ago | (#43188507)

The problem is just that programming a Raspberry Pi is very easy, while programming a printer is pretty hard.

But all it takes is one very smart programmer to do that programming, then the exploit code can be distributed or sold to whoever wants to launch an attack.

Re:Raspberry pi nothing, printers are the real dan (1)

gweihir (88907) | about a year and a half ago | (#43188677)

Once it is distributed or sold, it becomes almost worthless. The thing with these attacks is that you need to stay undiscovered for longer times in order for the information you gather to stay valuable. This is not something that is worthwhile doing with bought attack code. People that buy their attack code typically earn very little money from their attacks.

Yes Common (0)

Anonymous Coward | about a year and a half ago | (#43188921)

There are a lot of specific printer driver systems shared on different printer servers on common hardware/software exposed to the internet. Not so many RasPi. Though sensible folk don't do that (they VPN/SSL). Which brings you back to physical or at least authorised access and I can ferret out the idiot allowing access.

Re:Raspberry pi nothing, printers are the real dan (0)

Anonymous Coward | about a year and a half ago | (#43188561)

Or you could aim for the middle. One of the classics is to build a micro computer into the shell of a ups and route both the printer's power and the network through it. The device plays man in the middle under the guise of a printer and looks like a piece of dumb hardware. Others have even gone as far as embedding the computer in the printer itself. (reminds me of a video on how to embed a key logger into a keyboard)

Re:Raspberry pi nothing, printers are the real dan (1)

gweihir (88907) | about a year and a half ago | (#43188687)

All doable and valid. This does not devalue the idea to go into a docking station, and the docking station has some unique advantages, like access to keyboard and video output that a pure network hardware Trojan does not have.

No, the demonstration is not any kind of breakthrough, but a nice piece of hardware hacking (if not done too competently here, see e.g. the missing actually working video-grabbing and the botched power supply issue).

Re:Raspberry pi nothing, printers are the real dan (1)

PolygamousRanchKid (1290638) | about a year and a half ago | (#43189455)

The problem is just that programming a Raspberry Pi is very easy, while programming a printer is pretty hard.

Remember the old HP printer message April Fools' gag: http://kovaya.com/miscellany/2007/10/insert-coin.html [kovaya.com] . . . ?

How about modifying that so the victims are instructed to enter their userids and passwords . . . ?

Re:Raspberry pi nothing, printers are the real dan (0)

Anonymous Coward | about a year and a half ago | (#43189823)

Once hacked, they can carry out attacks, act as backdoors, or even send a copy of everything printed to an attacker.

So you're saying I can piss off a printer hacker by printing the endless supplies of crap I read on the internet? Time to kill a tree, baby ;-)

Re:Raspberry pi nothing, printers are the real dan (0)

Anonymous Coward | about a year and a half ago | (#43197571)

We depend on our vendors to ensure there are no embedded hardware based backdoors in equipment we purchase. From what our feds, manufacturers, and spooks have found, we import LOTS of electronics, mainly from fabs in China with 'additional unknown use circuitry' on the mask that has been reverse engineered to determine a fair amount of the additional circuitry are hardware based backdoors. ... I am more concerned about the 'additional circuits' in routers, processors, and storage controllers than in printers. Not that the printers aren't a problem too.

something so huge (4, Insightful)

silas_moeckel (234313) | about a year and a half ago | (#43188085)

Why use a R pi when you can get linux boxes the size of Ethernet jacks? Because the R Pi is "cool"?

Re:something so huge (2)

gweihir (88907) | about a year and a half ago | (#43188269)

No, because the Pi has the power to actually follow the Ethernet stream and it has the number of needed interfaces. Your miniature Linux device cannot follow both directions passively (the Pi can once you add a second Ethernet interface via USB), and it is far too slow for even one direction. Typically, these small things cannot even handle full-sized Ethernet packets and have to pause after each packet received. The one I have also does not have a "promiscuous" mode at all, making it entirely unsuitable. So, no, not because the R Pi is "cool", but because it can get the job done.

Re:something so huge (1)

drinkypoo (153816) | about a year and a half ago | (#43188393)

So, no, not because the R Pi is "cool", but because it can get the job done.

An old pogoplug not only has the horsepower to handle the traffic, but also the ethernet interface that will reliably deliver the packets. Which is why before we heard about the pwnie pad we heard about the pwnie plug. It has the added benefit of being cheaper than a Raspberry Pi, and the missing video output won't be missed in this context.

Re:something so huge (1)

gweihir (88907) | about a year and a half ago | (#43188477)

A PogoPlug is not a "Linux in an Ethernet connector" solution at all. If anything, it is a variation on the Raspberry Pi and its PCB may actually be larger. Whether you use the Raspberry Pi or equivalent hardware for this attack is completely unimportant. Also, the price difference is completely unimportant, as even the Raspberry Pi costs less than one engineering hour and you may already need that hour to get the PogoPlug board out of its case.

I should also note that there is no "reliably deliver the packets" here, as this is a purely _passive_ sniffer.

I have no idea where you get your price-estimates: A PogoPlug sells for 2-3 times of what a Raspberry Pi costs. This is not a home-project. If you invest this much effort to place a thing like this, you will use new hardware and a few hundred EUR/USD will be completely immaterial.

Re:something so huge (1)

arth1 (260657) | about a year and a half ago | (#43188665)

I have no idea where you get your price-estimates: A PogoPlug sells for 2-3 times of what a Raspberry Pi costs.

The R-pi doesn't have all you need out of the box - you need to add to it, making the final costs much higher.

Re:something so huge (0)

drinkypoo (153816) | about a year and a half ago | (#43189819)

A PogoPlug is not a "Linux in an Ethernet connector" solution at all.

I never described it as one. But, neither is the R-Pi. That's the XJack.

If anything, it is a variation on the Raspberry Pi and its PCB may actually be larger.

You don't actually know, but you're shooting your mouth off anyway. Ever decase one?

Whether you use the Raspberry Pi or equivalent hardware for this attack is completely unimportant.

So why are you commenting?

Also, the price difference is completely unimportant, as even the Raspberry Pi costs less than one engineering hour and you may already need that hour to get the PogoPlug board out of its case.

You're not using your brain. It is very likely that an attacker will want to install a whole bunch of these.

I should also note that there is no "reliably deliver the packets" here, as this is a purely _passive_ sniffer.

Reliably deliver the packets to the device, idiot. The Raspberry Pi has PURE SHIT for ethernet. Not only is it connected to USB, which costs you substantial CPU any time the interface is particularly active, but it's also connected to shitty and incompetent USB, which many have noted means that you get shit throughput, dropped packets, et cetera. If only you knew anything, you would not even be leaving your ignorant-assed comment. The R-Pi is a fucking toy, and that's all it will ever be because of its shit ethernet.

I have no idea where you get your price-estimates: A PogoPlug sells for 2-3 times of what a Raspberry Pi costs.

No, no it does not. You can get brand new Pogoplugs all day for $20 on Amazon, shipped (If you have prime or spend enough to qualify for super saver shipping.) Again, your ignorance would be acceptable if you were not leaving a comment.

This is not a home-project. If you invest this much effort to place a thing like this, you will use new hardware and a few hundred EUR/USD will be completely immaterial.

This is a home-project. If it weren't, you would not use a device with shit ethernet like a Raspberry Pi. You'd use something with working ethernet, again, like a pogoplug.

Re:something so huge (1)

gweihir (88907) | about a year and a half ago | (#43194927)

LOL! You quote mass-production in one answer and _then_ you quote prices that you cannot get at quantity? How stupid is that? I think it is pretty clear who is not using his brain here....

Re:something so huge (1)

dfghjk (711126) | about a year and a half ago | (#43190165)

"...costs less than one engineering hour..."

Yes, everyone who is implanting backdoors in docking stations is paying an engineer's salary to do so. ;)

"it is a variation on the Raspberry Pi..."

Here's a guy who knows his history...

Re:something so huge (1)

gweihir (88907) | about a year and a half ago | (#43194937)

"...costs less than one engineering hour..."

Yes, everyone who is implanting backdoors in docking stations is paying an engineer's salary to do so. ;)

Quite obviously so? Or do you think that amateurs can manage such a project including deployment and use in the field and using the data gained?

"it is a variation on the Raspberry Pi..."

Here's a guy who knows his history...

"A variation of" when commenting on the selection of a component does not imply any temporal order of invention.

Re:something so huge (2)

silas_moeckel (234313) | about a year and a half ago | (#43188523)

You think the Pi is going to keep up real time on gige? Not much is running 100bt anymore. Yea the little ones are not that powerful but neither is the Pi.

Re:something so huge (1)

gweihir (88907) | about a year and a half ago | (#43188667)

For GbE, this would not work, as the Pi does not do GbE and adding it via USB requires USB3.0, also not present on the Pi. But here is the thing: This is for attack on a corporate network, and these very rarely use GbE for the individual sockets. The standard is to run GbE or faster to the group/department/building-level switch and then distribute with 100Mb/s Ethernet only. As replacing cabling is expensive, GbE cabling is more sensitive and more expensive, GbE department switches are more expensive, and there is no need for the higher bandwidth, I expect this will remain the norm for quite some time. You can still have GbE or faster for servers.

So, yes, 100Mb/s Ethernet is still pretty much the standard.

Re:something so huge (1)

arth1 (260657) | about a year and a half ago | (#43188699)

Perhaps where you work - where I work, we replaced 100 Mb with 1000 Mb several years ago. Every desk even has a GbE switch.

Cat 5e doesn't cost more. Cat 6 does, but you generally only use it for stretches between patch bays, not to individual computers due to the stiffness and lack of need.

Re:something so huge (0)

drinkypoo (153816) | about a year and a half ago | (#43189953)

Another vote for the Pogoplug! It actually has GigE not on USB, whereas the R-Pi has 100bT on a flaky USB controller with bad firmware that they're not serious about updating. Given the low memory requirements you could use a dockstar, they're $14 and pretty easy to de-case with a spudger or heavy guitar pick.

ah yes the raspberry pi fanboys are here to mod (1)

drinkypoo (153816) | about a year and a half ago | (#43190317)

I've had two comments pointing out the truth about the Raspberry Pi modded down. It's a fact that it has flaky USB, and it's a fact that the ethernet is attached to it. Therefore it's a fact that it has poorly-implemented Ethernet. You can argue or abuse moderation all day and it won't change the fact that the Raspberry Pi is a poor choice for a sniffer by any criteria. The single most important factor in a sniffer is working networking, which the Pi lacks.

Re:ah yes the raspberry pi fanboys are here to mod (0)

Anonymous Coward | about a year and a half ago | (#43206355)

I've had two comments pointing out the truth about the Raspberry Pi modded down. It's a fact that it has flaky USB, and it's a fact that the ethernet is attached to it. Therefore it's a fact that it has poorly-implemented Ethernet. You can argue or abuse moderation all day and it won't change the fact that the Raspberry Pi is a poor choice for a sniffer by any criteria. The single most important factor in a sniffer is working networking, which the Pi lacks.

There have been a good set of bug fixes over recent weeks for USB and new implementation for split transactions using FIQ's is in testing which should fix all the remaining USB issues.

Re:something so huge (1)

silas_moeckel (234313) | about a year and a half ago | (#43190197)

Are you stuck somewhere in the late 90's? At this point it's not possible to buy a 100bt switch to use in a corp environment. Your bottom end is all ge, 10ge uplinks in the middle and 10ge switches for larger servers. Sure some corp buildings are odd I can think of a couple fortune 500's that are using token ring (replacing it requires lots of demo work).

You really need a device with USB target support so you can grab all keyboard input. There are plenty of soc's that fit the bill much better than a R Pi. 802.1AE is getting more widespread so a usb target (or pcie) faking a nic that has 802.1AE offload might get you a lot farther. Would also want to see a wifi nic and high powered Bluetooth.

Re:something so huge (0)

Anonymous Coward | about a year and a half ago | (#43188943)

Meh, I can throw a wifi printserver on a network in under a minute and no one will even look at it, ever. It'll run over the wired connection and connect only to a secure foreign AP with a slightly misspelled name.

Re:something so huge (1)

gweihir (88907) | about a year and a half ago | (#43189135)

Well, sure, if the network security people are bloody amateurs, that can work. In professionally managed environments, that thing will trigger alerts and may not even get any connectivity at all. Hint: Professionally run networks have inventories of MAC addresses known (look it up if you do not know what an "inventory" or a "MAC" is). This story is not targeted at your amateur-level "hacking", the device demonstrated uses entirely passive Ethernet sniffing for a reason. Of course there are still a lot of company networks, where the network people have no clue and you can connect anything without raising an alert.

Re:something so huge (2)

BitZtream (692029) | about a year and a half ago | (#43191461)

The Pi can't keep up with any much of an ethernet stream. It might be able to intercept the occasional web page but that's about it.

My 'docking station' is gigabit ethernet, though most are 100mb still ... Just exactly how do you plan to have the Pi keep up with something it simply doesn't have the bandwidth to follow. People are most certainly going to notice when their email is now suddenly slower to sync at the office than it is over their cell phone.

It CAN NOT move anywhere CLOSE to 100mb/s of data through its USB subsystem. Hell, the thing goes nuts and has all sorts of crazy issues if you get anywhere near stressing the USB subsystem with 5 or 6.

USB, and due to design that means ethernet as well, is HORRIBLY BROKEN on the Pi. Using it for a network tool is a bad idea on many levels, the networking being all done over USB would be the first indicator.

Easier to extend? (1)

andersh (229403) | about a year and a half ago | (#43190551)

Is it possibly easier to add custom hardware to the Raspberry Pi? I mean they're both Linux boxes, but one of them is designed to be extended.

You could add an FM transceiver for remote operations without communicating over LAN/WAN?

Re:Easier to extend? (1)

gl4ss (559668) | about a year and a half ago | (#43190885)

Is it possibly easier to add custom hardware to the Raspberry Pi? I mean they're both Linux boxes, but one of them is designed to be extended.

You could add an FM transceiver for remote operations without communicating over LAN/WAN?

this project of theirs takes so much effort that you might just as well use a custom board with some soc.
the raspberry is in the mix just for media points. due to it being a raspberry they have to add a bunch of extra stuff(analog in and stuff - to be noted that it also made the mods that they actually did easy to detect! they didn't seem to have built for example anything really fancy like usb interceptors - instead recommending attacking organizations that use ps/2 keyboards etc. so the raspberry helped them to actually put something inside the docking station while avoiding doing anything of the scarier fancier, technologically interesting from just pure hacking for enabling extra functionality point of view, stuff they theorized about).

the article is just bizarre half-ass proof of concept of some james bond shit you could do after you have physical access and equally bizarre methods to detect such a mod.

Re:Easier to extend? (1)

andersh (229403) | about a year and a half ago | (#43190921)

Yes, I see your point, I suppose it's been possible for some time, but now almost anyone can do it [with other technology than the Raspberry].

Re:something so huge (1)

servant (39835) | about a year and a half ago | (#43197585)

Why RPi? Easy, cheap, available. Yep, there are others smaller, but being 'less to engineer' and lots of 'howtos' and examples available to promote the use. Make a better equivalent (and promote it), and they will come. ... It used to be Intel and Motorola embedded products, then PIC, now things keep changing and the RPi is the current implementation. ... Wait a while and it will change again.

Re:something so huge (1)

Sigg3.net (886486) | about a year and a half ago | (#43201797)

Because you bought one and can't figure out what to do with it;)

article wrong on voltage divider for power source (3, Interesting)

Anonymous Coward | about a year and a half ago | (#43188127)

The voltage divider shown couldn't deliver any significant current (less than 1 milliamp). The Pi is rated for about 1 Amp. Somebody is proud of their voltage divider equation but doesn't understand it. Unimpressed!

Re:article wrong on voltage divider for power sour (5, Informative)

gweihir (88907) | about a year and a half ago | (#43188305)

Hehehehe, fascinating!

In addition, these people do not know that a voltage divider is entirely unsuitable for powering anything with variable current consumption. The easy solution would be to use a switching-mode 5V 1A regulator module like the Traco Power TSR 1-2450. My guess is they never powered the Raspberry Pi from the 19V input. These people seem to understand digital electronics to some degree, but have no clue about analog electronics.

The demo is nice nonetheless.

Re:article wrong on voltage divider for power sour (3, Informative)

Alwin Henseler (640539) | about a year and a half ago | (#43188459)

Given the overall level of detail, the stupidity in this chapter "Power considerations" kind of amazed me. Calculations look correct btw, result just doesn't hold up when you draw up to 1A.

Probably the person(s) who figured out most of the info, person writing this chapter, and person putting everything together, must be different people. Otherwise this chapter would surely have been re-written.

Re:article wrong on voltage divider for power sour (2)

gweihir (88907) | about a year and a half ago | (#43188495)

Sounds plausible to me. I also guess this was finished in some haste to get it to the conference in time. For example, the video-grabbing is not implemented, while I see no fundamental problem with that.

Re:article wrong on voltage divider for power sour (1)

deimtee (762122) | about a year and a half ago | (#43188503)

I was going to suggest a simple 7805, but the TSR-2450 would be much better heat-wise.
Damn, power supplies are getting small. That thing is 11 x 10 x 7 mm!

Re:article wrong on voltage divider for power sour (1)

gweihir (88907) | about a year and a half ago | (#43188643)

A 7805 would work, but generate a lot of heat and require a relatively large heat-sink. The TSR-2450 is pretty amazing, also because it is probably cheaper than the 7805 when you take the cost of the heat-sink and mounting materials into account.

Re:article wrong on voltage divider for power sour (0)

Anonymous Coward | about a year and a half ago | (#43188975)

Or try the classic LM2576

Cellphone (2)

gmuslera (3436) | about a year and a half ago | (#43188141)

Why bring an obvious "strange device" at the eyes of the unsuspecting to connect to a company laptop if you can bring a cellphone for doing the same task? (if current cellphones are too braindead/locked for that, an N900 should be more than enough).

If you don't care about being subtle, just rebooting with a bootable pendrive or disarming the notebook to extract the HD should do the work, but a cellphone is something that could not raise suspicion, you can always say that is for recharging the battery (and again, with an N900, will make even more sense)

Re:Cellphone (1)

gweihir (88907) | about a year and a half ago | (#43188315)

Simple: The cellphone does not get wired Ethernet access, it does not get access to the Laptop keyboard, screen, etc. The whole point of this demo is that you can watch somebody while they are working.

You are describing an entirely different type of attack (valid nonetheless).

Re:Cellphone (2)

SQLGuru (980662) | about a year and a half ago | (#43188391)

I've seen USB dongles that let Android devices have pretty much anything you want. Your phone can have Ethernet access.

http://usbtips.com/usb-otg-adapter-connects-usb-accessories-to-your-android-device/ [usbtips.com]

Re:Cellphone (1)

gweihir (88907) | about a year and a half ago | (#43188437)

Yes, but how do you insert it for passive eavesdropping? Put the cellphone into the docking station? That does not make sense as it might be possible, but far, far more effort than using something like the Raspberry Pi. Face it: For this type of attack (trojaned hardware), a phone is the wrong platform.

Re:Cellphone (1)

BitZtream (692029) | about a year and a half ago | (#43191549)

Neither does the Raspberry Pi, technically.

It certainly isn't doing anything with the screen. Its 'ethernet' is over USB, and its USB implementation is utterly asstastic and has a hard time keeping up with copy/paste over SSH, let alone a real ethernet stream of data. It isn't going to be doing passive monitoring of USB keyboards worth a shit either ... again due to its absolutely shitty USB subsystem.

This article is not about Raspberry Pi... (3, Interesting)

fufufang (2603203) | about a year and a half ago | (#43188207)

It is about people hacking the docking station for laptops...

If the victim is very important to the organisation which conducts hacking, a custom made PCB might be implanted into the docking station... There is no need to use Raspberry Pi, which would make the whole thing very amateur.

Re:This article is not about Raspberry Pi... (2)

Dan East (318230) | about a year and a half ago | (#43188295)

Further, Raspberry Pis cannot act as a slave USB device, only a host (it is a hardware limitation in the way the chipset was physically connected to the USB port - required components for USB slave are not in place). Thus USB could not be the physical connectivity in a dock. The only other option would be to use the GPIO pins directly to try and emulate the OEM's proprietary dock connector, however I very much doubt the pi could communicate at a high enough rate to communicate with the laptop. The bandwidth of the dock port would have to be very high to support USB, LAN, etc, all in parallel.

It would be far easier to take a stock dock and embed a USB flash drive in it hardwired to one of the existing ports. Then if autorun is still enabled on the laptop the payload would be executed.

Re:This article is not about Raspberry Pi... (5, Interesting)

Anonymous Coward | about a year and a half ago | (#43188369)

One approach we've seen on attacks on us, i.e. drives people find in the parking lot, is that the device appears as a composite device. Part of it shows up as an almost empty USB drive with a couple of innocuous Word documents, as long as you don't show hidden files and directories. However, the second and third parts are HID, when idle for too long, the new keyboard will try to do windows key+R -> "iexplore malwaresite". They also do other attacks using that means of access of a combination USB drive, keyboard and mouse.
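
Added example, not part of the comment above: a defensive check for the kind of composite device it describes, flagging any attached USB device that exposes both a mass-storage interface and HID keyboard/mouse interfaces. It assumes the inventory is taken with `lsusb -v` on a Linux host; the sample below is constructed in that layout, and the IDs, device names and function names are made up for illustration.

```python
import re

# Constructed sample in the layout of trimmed `lsusb -v` output.
# Vendor/product IDs and device names are invented for this example.
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 1234:0001 Example Corp. Flash Drive
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass         8 Mass Storage
      bInterfaceProtocol     80 Bulk-Only
Bus 001 Device 005: ID 1234:0002 Example Corp. Keyboard
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 006: ID 1234:0003 Example Corp. Flash Drive
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass         8 Mass Storage
      bInterfaceProtocol     80 Bulk-Only
    Interface Descriptor:
      bInterfaceNumber        1
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
    Interface Descriptor:
      bInterfaceNumber        2
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      2 Mouse
"""

# USB-IF interface class codes (lsusb prints them in decimal).
USB_CLASS_HID = 3
USB_CLASS_MASS_STORAGE = 8
# HID boot-interface protocol codes.
HID_PROTOCOLS = {1: "keyboard", 2: "mouse"}

DEVICE_RE = re.compile(
    r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$"
)
FIELD_RE = re.compile(r"^\s+(bInterfaceClass|bInterfaceProtocol)\s+(\d+)")


def parse_devices(text):
    """Return one dict per device with the class/protocol of each interface."""
    devices = []
    for line in text.splitlines():
        header = DEVICE_RE.match(line)
        if header:
            devices.append({
                "bus": int(header.group(1)),
                "device": int(header.group(2)),
                "id": header.group(3),
                "name": header.group(4),
                "interfaces": [],
            })
            continue
        if not devices:
            continue  # ignore anything before the first device header
        if line.strip() == "Interface Descriptor:":
            devices[-1]["interfaces"].append({})
            continue
        field = FIELD_RE.match(line)
        if field and devices[-1]["interfaces"]:
            devices[-1]["interfaces"][-1][field.group(1)] = int(field.group(2))
    return devices


def storage_plus_hid(devices):
    """Flag devices that present storage AND input interfaces at once."""
    findings = []
    for dev in devices:
        classes = {i.get("bInterfaceClass") for i in dev["interfaces"]}
        if USB_CLASS_MASS_STORAGE in classes and USB_CLASS_HID in classes:
            roles = sorted(
                HID_PROTOCOLS.get(i.get("bInterfaceProtocol"), "other HID")
                for i in dev["interfaces"]
                if i.get("bInterfaceClass") == USB_CLASS_HID
            )
            findings.append((dev["id"], dev["name"], roles))
    return findings


if __name__ == "__main__":
    for dev_id, name, roles in storage_plus_hid(parse_devices(SAMPLE_LSUSB)):
        print(f"review {dev_id} ({name}): storage + HID {', '.join(roles)}")
```

A hit is a prompt for review rather than proof of tampering, since a legitimate product can combine storage and input functions.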

Re:This article is not about Raspberry Pi... (1)

drinkypoo (153816) | about a year and a half ago | (#43189965)

MSP430, about $20, can be a USB device or host. But it doesn't have any processor power to speak of. It would be fine for that part of the hack, though.

Of course, an Arduino can do this job...

Re:This article is not about Raspberry Pi... (1)

guruevi (827432) | about a year and a half ago | (#43190993)

Arduino can act as both slave and master and get spi access to other busses in the device. It's not uncommon to see both pi and arduino in a project as they have each their strengths and weaknesses. For real-life production, you can then simplify it down to the same ARM and Atmel chips + peripherals on a single board.

Re:This article is not about Raspberry Pi... (2)

AHuxley (892839) | about a year and a half ago | (#43188335)

It depends on how you look at the ongoing data situation.
Can you get physical access to the site - just once? Laptops, computers, code, admins change all the time and are getting smarter with more security options/work loads.
Spy-Pi using a Raspberry Pi Model B would allow for a secure way out for any data obtained via a network that can be updated remotely.
This might be better long term as the main OS, any thin clients, boxes, web 2.0, cloud devices, printers, laptops might be kept ~100% clean over time.
http://www.forbes.com/sites/andygreenberg/2012/01/27/darpa-funded-hackers-tiny-50-spy-computer-hides-in-offices-drops-from-drones/ [forbes.com]
is an easier idea to understand - you "drop" a small computer in to hack from vs trying to "own" an onsite computer over time.
In this paper the "Raspberry Pi" is used vs say a PogoPlug mini-computer.
The other neat part about a Pi is you have less info on who planted it if it's found. A quality custom made PCB points to more expensive hackers, state funding, other commercial interests.
A Raspberry Pi with average code keeps the target guessing for just a while longer.

They are late to the party.... (0)

Lumpy (12016) | about a year and a half ago | (#43188343)

we were doing this with the precursor to the Pi the "sheevaplug" over 4 years ago... doing it with a pi is not innovative or new in any way.

Re:They are late to the party.... (0)

Anonymous Coward | about a year and a half ago | (#43199385)

So the new bad thing is to dare to not worship the Pi? what fuck-knob modded him down?

Voltage divider? (0)

Anonymous Coward | about a year and a half ago | (#43189119)

Using a simple voltage divider with Vin = 19.5V is not a good idea.
Why didn't they use a 7805?

Re:Voltage divider? (1)

guruevi (827432) | about a year and a half ago | (#43190965)

With 20V at 1A a 7805 would stoke away 15W - that's a big heat sink

Re:Voltage divider? (1)

nsaspook (20301) | about a year and a half ago | (#43192827)

You would use something modern like a 7805SR instead of a voltage divider or an old school 7805 that needs a huge heat-sink.
http://www.murata-ps.com/data/meters/dms-78xxsr.pdf [murata-ps.com]

Those are still around? (0)

Anonymous Coward | about a year and a half ago | (#43189697)

People still create, sell, buy and use laptop docking stations and the laptops that use them?

Re:Those are still around? (1)

jawtheshark (198669) | about a year and a half ago | (#43189925)

Yes, very common in companies. Actually, I wouldn't buy laptops that lack them for the company I work for.

Or the Lightning AV adapter for that matter (1)

gelfling (6534) | about a year and a half ago | (#43190369)

It was discovered that these adapter cables contain a microcomputer in them. Why not put your backdoor in the cable itself?

Re:Or the Lightning AV adapter for that matter (1)

gl4ss (559668) | about a year and a half ago | (#43190983)

because that's hard - finding a docking station big enough to slap a Raspberry Pi with a USB soundcard in it is easy.
isn't Thunderbolt directly connected to the bus in the computer anyhow? or at least supposed to.

It's the little things (1)

kilodelta (843627) | about a year and a half ago | (#43190935)

It's funny, everywhere I've worked that had docks I realized it could be an attack vector. Glad that someone else realizes it too. However the solutions/defenses they provide aren't likely to happen in most I.T. groups. Really? Infrared cameras? RF sniffers?

Amazing! (0)

Anonymous Coward | about a year and a half ago | (#43192467)

A configurable, highly modifiable embedded microcontroller can be attached to other hardware to make that hardware configurable and highly modifiable! Imagine that! It's almost like that's what embedded microcontrollers were designed to do!

OK, it's true, I have a radio controlled clock, that syncs via shortwave and binary coded decimal [nist.gov] to atomic clocks, and with a Raspberry Pi attached, I could turn this into a cheap* stratum 1 NTP server. *($50 for Raspberry Pi, $20 for clock, so $70 for cheap stratum 1 NTP time server, which is less than the typical $550-$950 these units normally cost). There are a million other things you can do like this, and hack-a-day shows you how.
