Network security engineer “Richee” posted complete details about how to make a tiny Raspberry Pi computer look like a ordinary laptop power brick — and then give himself a physical backdoor into corporate networks.
Technically, the job is laughably easy.
The Pi is a tiny computer that could fit in the palm of your hand. But it’s got a 700 MHz processor, a half a gigabyte of RAM, and runs a custom version of Linux. It also has HDMI and USB ports and — critically — Ethernet. Kids, geeks, white-hat hackers, and case-modders buy the cheap $25-$35 computer and build beautiful cases for it, install apps from the Pi Store, and craft robotic bartenders with it.
With a little soldering and gluing, Richee fit the tiny Pi into an old power brick, hooked up a black Ethernet cord, and jimmied up a power supply out of a plug and a USB converter. Voila: an inconspicuous ET-phone-home hacker’s best friend.
Of course, the software is the critical part.
With a few lines of code, Richee built a little script that will phone home to his designated server over SSH (secure shell). Once the Pi phones home, he’s got an insider’s access to the network it’s on.
Of course, Richee doesn’t have nefarious intent — it’s simply a tool for remote support. In the wrong hands, however, it could go unnoticed for weeks, if companies have lax security oversight, and offer very tempting access to ostensibly-secure data.
There is one problem, of course: Laptop power bricks don’t normally have Ethernet cords hanging from them. Richee has a solution for that:
It looks weird when you stare at it, but put it behind a plant and nobody will ever notice it (except the guy who waters the plants).
And the guy who waters the plants is unlikely to know to much about network security.
Image credits: TunnelsUP
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.