Slashdot Mirror


Raspberry Pi As Hardware Backdoor

An anonymous reader writes "NCC Group has released a new whitepaper at the Blackhat Europe conference on using a Raspberry PI as a hardware-based backdoor (PDF) in laptop docking stations. From the paper: 'The IT department is typically more concerned about someone stealing your laptop, so they'll ask you to secure your laptop with a Kensington-style lock, but not necessarily to secure the dock. This paper details how attackers can exploit the privileged position that laptop docking stations have within an environment. It will also describe the construction of a remotely controllable, covert hardware implant, but most importantly it will discuss some of the techniques that can be employed to detect such devices and mitigate the risks that they pose.'"

22 of 76 comments

  1. Surprise!!! by bferrell · Score: 5, Insightful

    If you have physical access, you can do bad things. Is this really news or simply fear mongering?

    1. Re:Surprise!!! by dreamchaser · Score: 3, Insightful

      You hit the nail on the head. It's just fear mongering and there is nothing new to see here.

    2. Re:Surprise!!! by blackicye · Score: 3, Insightful

      This is similar to dropping a Sega Dreamcast into a network as an inexpensive hardware backdoor.

      If your company has been physically compromised you probably need to start sweeping for bugs and bringing in the bomb sniffer dogs as well ;)

    3. Re:Surprise!!! by Garridan · Score: 4, Interesting

      Naw, the paper is a good read. Fun pictures, funnier security recommendations. I'd love to see the IT guy who goes around weighing people's docking stations. Poor sap would end up taking night shifts just to avoid the teasing.

    4. Re:Surprise!!! by gweihir · Score: 4, Informative

      It is just a nice demonstration of something that has been known for a long time. As such, the _demonstration_ is news, but not the possibility itself.

      I must say, however, that the motto "freedom from doubt" on the paper is pure snake-oil, as IT security cannot achieve that and anybody that claims this is a liar. What IT security can do is reduce risks and make it harder for an attacker to get in. When the attacker has to spend more than the protected information is worth, you could say that you have "perfect security" or "freedom from doubt", but that does not happen in practice. The problem is that you cannot estimate the worth of your secret data to the attacker reliably. For example, your attackers may be fanatics (maybe even in the form of a fanatics-run nation state) and hence may be completely irrational and attribute value to the secret data or the successful break-in itself that is far beyond any rational estimates.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  2. Raspberry pi nothing, printers are the real danger by Dwedit · Score: 5, Insightful

    Forget raspberry pi, the real danger is your printer. Printers can have their firmware upgraded by printing a special PDF file. They are networked devices. Once hacked, they can carry out attacks, act as backdoors, or even send a copy of everything printed to an attacker.

  3. something so huge by silas_moeckel · Score: 4, Insightful

    Why use a R pi when you can get linux boxes the size of Ethernet jacks? Because the R Pi is "cool"?

    --
    No sir, I don't like it.

    1. Re:something so huge by gweihir · Score: 2

      No, because the Pi has the power to actually follow the Ethernet stream and it has the number of needed interfaces. Your miniature Linux device cannot follow both directions passively (the Pi can once you add a second Ethernet interface via USB), and it is far too slow for even one direction. Typically, these small things cannot even handle full-sized Ethernet packets and have to pause after each packet received. The one I have also does not have a "promiscuous" mode at all, making it entirely unsuitable. So, no, not because the R Pi is "cool", but because it can get the job done.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

    2. Re:something so huge by silas_moeckel · Score: 2

      You think the Pi is going to keep up real time on gige? Not much is running 100bt anymore. Yea the little ones are not that powerful but neither is the Pi.

      --
    No sir, I don't like it.

    3. Re:something so huge by BitZtream · Score: 2

      The Pi can't keep up with much of an ethernet stream. It might be able to intercept the occasional web page but that's about it.

      My 'docking station' is gigabit ethernet, though most are 100mb still ... Just exactly how do you plan to have the Pi keep up with something it simply doesn't have the bandwidth to follow? People are most certainly going to notice when their email is now suddenly slower to sync at the office than it is over their cell phone.

      It CAN NOT move anywhere CLOSE to 100mb/s of data through its USB subsystem. Hell, the thing goes nuts and has all sorts of crazy issues if you get anywhere near stressing the USB subsystem with 5 or 6.

      USB, and due to design that means ethernet as well, is HORRIBLY BROKEN on the Pi. Using it for a network tool is a bad idea on many levels, the networking being all done over USB would be the first indicator.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  4. article wrong on voltage divider for power source by Anonymous Coward · Score: 3, Interesting

    The voltage divider shown couldn't deliver any significant current (less than 1 milliamp). The Pi is rated for about 1 Amp. Somebody is proud of their voltage divider equation but doesn't understand it. Unimpressed!

  5. Cellphone by gmuslera · Score: 2

    Why bring an obvious "strange device" in the eyes of the unsuspecting to connect to a company laptop if you can bring a cellphone to do the same task? (If current cellphones are too braindead/locked for that, an N900 should be more than enough.)

    If you don't care about being subtle, just rebooting with a bootable pendrive or disarming the notebook to extract the HD should do the work, but a cellphone is something that would not raise suspicion; you can always say that it is for recharging the battery (and again, with an N900, that will make even more sense).

    1. Re:Cellphone by SQLGuru · Score: 2

      I've seen USB dongles that let Android devices have pretty much anything you want. Your phone can have Ethernet access.

      http://usbtips.com/usb-otg-adapter-connects-usb-accessories-to-your-android-device/

  6. This article is not about Raspberry Pi... by fufufang · Score: 3, Interesting

    It is about people hacking the docking station for laptops...

    If the victim is very important to the organisation which conducts the hacking, a custom-made PCB might be implanted into the docking station... There is no need to use a Raspberry Pi, which would make the whole thing look very amateur.

    1. Re:This article is not about Raspberry Pi... by Dan East · Score: 2

      Further, Raspberry Pis cannot act as a USB slave device, only a host (it is a hardware limitation in the way the chipset was physically connected to the USB port; the required components for a USB slave are not in place). Thus USB could not be the physical connectivity in a dock. The only other option would be to use the GPIO pins directly to try and emulate the OEM's proprietary dock connector; however, I very much doubt the Pi could communicate at a high enough rate to communicate with the laptop. The bandwidth of the dock port would have to be very high to support USB, LAN, etc., all in parallel.

      It would be far easier to take a stock dock and embed a USB flash drive in it hardwired to one of the existing ports. Then if autorun is still enabled on the laptop the payload would be executed.

      --
      Better known as 318230.

    2. Re:This article is not about Raspberry Pi... by AHuxley · Score: 2

      It depends on how you look at the ongoing data situation.
      Can you get physical access to the site, just once? Laptops, computers, code, admins change all the time and are getting smarter with more security options/work loads.
      Spy-Pi using a Raspberry Pi Model B would allow for a secure way out for any data obtained via a network that can be updated remotely.
      This might be better long term, as the main OS, any thin clients, boxes, web 2.0, cloud devices, printers, laptops might be kept ~100% clean over time.
      http://www.forbes.com/sites/andygreenberg/2012/01/27/darpa-funded-hackers-tiny-50-spy-computer-hides-in-offices-drops-from-drones/
      is an easier to understand idea: you "drop" a small computer in to hack from vs trying to "own" an onsite computer over time.
      In this paper the "Raspberry Pi" is used vs say a PogoPlug mini-computer.
      The other neat part about a Pi is you have less info on who planted it if it's found. A quality custom-made PCB points to more expensive hackers, state funding, other commercial interests.
      A Raspberry Pi with average code keeps the target guessing for just a while longer.

      --
      Domestic spying is now "Benign Information Gathering"

    3. Re:This article is not about Raspberry Pi... by Anonymous Coward · Score: 5, Interesting

      One approach we've seen in attacks on us, i.e. drives people find in the parking lot, is that the device appears as a composite device. Part of it shows up as an almost empty USB drive with a couple of innocuous Word documents, as long as you don't show hidden files and directories. However, the second and third parts are HID; when idle for too long, the new keyboard will try to do Windows key+R -> "iexplore malwaresite". They also do other attacks using that means of access of a combination USB drive, keyboard and mouse.


  7. Re:Raspberry pi nothing, printers are the real dan by gweihir · Score: 2

    The problem is just that programming a Raspberry Pi is very easy, while programming a printer is pretty hard.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  8. Re:article wrong on voltage divider for power sour by gweihir · Score: 5, Informative

    Hehehehe, fascinating!

    In addition, these people do not know that a voltage divider is entirely unsuitable for powering anything with variable current consumption. The easy solution would be to use a switching-mode 5V 1A regulator module like the Traco Power TSR 1-2450. My guess is they never powered the Raspberry Pi from the 19V input. These people seem to understand digital electronics to some degree, but have no clue about analog electronics.

    The demo is nice nonetheless.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  9. Re:article wrong on voltage divider for power sour by Alwin Henseler · Score: 3, Informative

    Given the overall level of detail, the stupidity in this chapter "Power considerations" kind of amazed me. Calculations look correct btw, the result just doesn't hold up when you draw up to 1A.

    Probably the person(s) who figured out most of the info, the person writing this chapter, and the person putting everything together must be different people. Otherwise this chapter would surely have been re-written.
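
The point this sub-thread makes (comments 4, 8 and 9), carried through as a worked example; this is added here and is not code from the NCC paper or from any commenter. The 14 kΩ over 5 kΩ resistor values (which tap 5 V from the 19 V input), the 4.75 V minimum and the 0.25 V droop allowance are assumptions, since the thread does not quote the paper's figures:

```python
# Added illustration (not from the NCC paper or the commenters): how much
# current a resistive divider from a 19 V dock rail can deliver at 5 V.
# Resistor values and the 4.75 V minimum are assumptions for the worked case.
V_IN = 19.0        # dock rail voltage mentioned in the thread
R_TOP = 14000.0    # ohms, upper resistor (assumed)
R_BOT = 5000.0     # ohms, lower resistor (assumed); 14k over 5k taps 5 V unloaded
PI_CURRENT = 1.0   # amps, the Pi's rated draw as stated in the thread
V_MIN = 4.75       # volts, lowest supply the board is assumed to tolerate

def unloaded_voltage(v_in, r_top, r_bot):
    """Open-circuit voltage at the divider tap (the textbook formula)."""
    return v_in * r_bot / (r_top + r_bot)

def thevenin_resistance(r_top, r_bot):
    """Source resistance the load sees: the two resistors in parallel."""
    return r_top * r_bot / (r_top + r_bot)

def loaded_voltage(v_in, r_top, r_bot, i_load):
    """Tap voltage with a constant-current load of i_load amps.
    The load current flows through the Thevenin resistance and pulls the
    tap down; a passive divider cannot go below zero, so clamp there."""
    v_th = unloaded_voltage(v_in, r_top, r_bot)
    return max(0.0, v_th - i_load * thevenin_resistance(r_top, r_bot))

def max_load_current(v_in, r_top, r_bot, v_min):
    """Largest load current that keeps the tap at or above v_min."""
    v_th = unloaded_voltage(v_in, r_top, r_bot)
    return max(0.0, (v_th - v_min) / thevenin_resistance(r_top, r_bot))

def divider_for_load(v_in, v_out, i_load, v_droop):
    """Resistors a divider would need to droop at most v_droop at i_load,
    and the power those resistors burn with nothing connected at all."""
    k = v_out / v_in                  # divider ratio R_BOT / (R_TOP + R_BOT)
    r_top = (v_droop / i_load) / k    # R_th = k * R_top for a ratio-k divider
    r_bot = r_top * k / (1.0 - k)
    idle_power = v_in ** 2 / (r_top + r_bot)
    return r_top, r_bot, idle_power

if __name__ == "__main__":
    print(f"unloaded tap: {unloaded_voltage(V_IN, R_TOP, R_BOT):.2f} V")
    i_max = max_load_current(V_IN, R_TOP, R_BOT, V_MIN)
    print(f"max current holding {V_MIN} V: {1000 * i_max:.3f} mA")
    print(f"tap at {PI_CURRENT} A: {loaded_voltage(V_IN, R_TOP, R_BOT, PI_CURRENT):.2f} V")
    r_top, r_bot, watts = divider_for_load(V_IN, 5.0, PI_CURRENT, 0.25)
    print(f"divider able to hold 1 A: {r_top:.2f}/{r_bot:.2f} ohm, idle {watts:.0f} W")
```

With those assumed values the divider holds 4.75 V only up to about 0.07 mA and collapses to zero at 1 A, and resistors small enough to hold 1 A would burn about 280 W with nothing attached, which is why a switching regulator is the right part here.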


  10. Re:article wrong on voltage divider for power sour by gweihir · Score: 2

    Sounds plausible to me. I also guess this was finished in some haste to get it to the conference in time. For example, the video-grabbing is not implemented, while I see no fundamental problem with that.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  11. Re:Raspberry pi nothing, printers are the real dan by BitterOak · Score: 2

    The problem is just that programming a Raspberry Pi is very easy, while programming a printer is pretty hard.

    But all it takes is one very smart programmer to do that programming, then the exploit code can be distributed or sold to whoever wants to launch an attack.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?