Slashdot Mirror

← Back to Stories (view on slashdot.org)

DARPA Funding a $50 Drone-Droppable Spy Computer

Posted by Soulskill on from the this-is-how-you-name-your-device dept.

Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket, (one model impersonates a carbon monoxide detector) thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."

1 of 86 comments (clear)

  1. Spook Backdoors in Cisco Routers (continued) by Anonymous Coward · · Score: -1, Offtopic

    Spook BackDoors In Cisco Routers
    - Older news, but still relevant!!
    Please save this story and repost it everywhere
    Especially in Security Discussion Forum Sites
    - You should use OpenBSD or a hardened Linux distro
    For a router, NOT these blackboxes offered with
    proprietary hardware & firmware!

    http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html

    "Special Report
    Cisco's Backdoor For Hackers
    Andy Greenberg, 02.03.10, 01:45 PM EST
    The methods networking companies use to let the Feds watch suspects also expose the rest of us.

    ARLINGTON, Va. -- Activists have long grumbled about the privacy implications of the legal "backdoors" that networking companies like Cisco build into their equipment--functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.

    In a presentation at the Black Hat security conference Wednesday, IBM ( IBM - news - people ) Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's ( CSCO - news - people ) IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims' online behavior.

    But the result, Cross says, is that any credentialed employee can implement the intercept to watch users, and the ISP has no method of tracking those privacy violations. "An insider who knows the password can use it without an audit trail and send the data to anywhere on the Internet," Cross says.

    Cross told Cisco about his findings in December 2008, but with the exception of the patch Cisco released following the revelation of its router bug in 2008, the security flaws he discussed haven't been fixed. In an interview following Cross' talk, Cisco spokeswoman Jennifer Greeson said that the company is "confident in its framework." "We recognize that security is complicated," she said. "We're looking at [Cross'] findings and we'll take them into account."

    Cisco isn't actually the primary target of Cross' critique. He points out that all networking companies are legally required to build lawful intercepts into their equipment.

    Special Report
    Cisco's Backdoor For Hackers
    Andy Greenberg, 02.03.10, 01:45 PM EST
    The methods networking companies use to let the Feds watch suspects also expose the rest of us.

    ARLINGTON, Va. -- Cisco, in fact, is the only networking company that follows the recommendations of the Internet Engineering Task Force standards body and makes its lawful intercept architecture public, exposing it to peer review and security scrutiny. The other companies keep theirs in the dark, and they likely suffer from the same security flaws or worse. "Cisco did the right thing by publishing this," says Cross. "Although I found some weaknesses, at least we know what they are and how to mitigate them."

    The exploitation of lawful intercept is more than theoretical. Security and privacy guru Bruce Schneier wrote last month that the Google ( GOOG - news - people ) hackings in China were enabled by Google's procedures for sharing information with U.S. law enforcement officials. And in 2004 and 2005, a group of hackers used intercept vulnerabilities in Ericsson ( ERIC - news - people ) network switches to spy on a wide range of political targets including the cellphone of Greece's prime minister.

    All of that, argues IBM's Cross, means that Internet-related companies need to be more transparent about their lawful intercept procedures or risk exposing all of their users. "There are a lot of other technology companies out there that haven't published their architecture