Security

This tiny Raspberry Pi Trojan horse could be a cute little backdoor into your corporate network

raspberry-pi-trojan-horse
Image Credit: http://www.tunnelsup.com

raspberry-pi-trojan-horse
You gotta love security geeks — they can make it so easy for you. At least, if you’re a black-hat hacker.

Network security engineer “Richee” posted complete details about how to make a tiny Raspberry Pi computer look like a ordinary laptop power brick — and then give himself a physical backdoor into corporate networks.

Technically, the job is laughably easy.

raspberry P trojan horseThe Pi is a tiny computer that could fit in the palm of your hand. But it’s got a 700 MHz processor, a half a gigabyte of RAM, and runs a custom version of Linux. It also has HDMI and USB ports and — critically — Ethernet. Kids, geeks, white-hat hackers, and case-modders buy the cheap $25-$35 computer and build beautiful cases for it, install apps from the Pi Store, and craft robotic bartenders with it.

With a little soldering and gluing, Richee fit the tiny Pi into an old power brick, hooked up a black Ethernet cord, and jimmied up a power supply out of a plug and a USB converter. Voila: an inconspicuous ET-phone-home hacker’s best friend.

Of course, the software is the critical part.

With a few lines of code, Richee built a little script that will phone home to his designated server over SSH (secure shell). Once the Pi phones home, he’s got an insider’s access to the network it’s on.

ET phone home

Of course, Richee doesn’t have nefarious intent — it’s simply a tool for remote support. In the wrong hands, however, it could go unnoticed for weeks, if companies have lax security oversight, and offer very tempting access to ostensibly-secure data.

There is one problem, of course: Laptop power bricks don’t normally have Ethernet cords hanging from them. Richee has a solution for that:

It looks weird when you stare at it, but put it behind a plant and nobody will ever notice it (except the guy who waters the plants).

And the guy who waters the plants is unlikely to know to much about network security.

Image credits: TunnelsUP