Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security IT

Raspberry Pi As Hardware Backdoor 76

Posted by timothy from the where-you-can-stick-it dept.
An anonymous reader writes "NCC Group has released a new whitepaper at the Blackhat Europe conference on using a Raspberry PI as a hardware-based backdoor (PDF) in laptop docking stations. From the paper: 'The IT department is typically more concerned about someone stealing your laptop, so they'll ask you to secure your laptop with a Kensington-style lock, but not necessarily to secure the dock. This paper details how attackers can exploit the privileged position that laptop docking stations have within an environment. It will also describe the construction of a remotely controllable, covert hardware implant, but most importantly it will discuss some of the techniques that can be employed to detect such devices and mitigate the risks that they pose.'"
This discussion has been archived. No new comments can be posted.

Raspberry Pi As Hardware Backdoor More

Raspberry Pi As Hardware Backdoor

Comments Filter:

  • article wrong on voltage divider for power source (Score:3, Interesting)

    by Anonymous Coward on Friday March 15, 2013 @09:57PM (#43188127)

    The voltage divider shown couldn't deliver any significant current (less than 1 milliamp). The Pi is rated for about 1 Amp. Somebody is proud of their voltage divider equation but doesn't understand it. Unimpressed!

  • Re:Surprise!!! (Score:4, Interesting)

    by Garridan ( 597129 ) on Friday March 15, 2013 @10:14PM (#43188195)
    Naw, the paper is a good read. Fun pictures, funnier security recommendations. I'd love to see the IT guy who goes around weighing people's docking stations. Poor sap would end up taking night shifts just to avoid the teasing.

  • This article is not about Raspberry Pi... (Score:4, Interesting)

    by fufufang ( 2603203 ) on Friday March 15, 2013 @10:16PM (#43188207)

    It is about people hacking the docking station for laptops...

    If the victim is very important to the organisation which conducts hacking, a custom made PCB might be implant into the docking station... There is no need to use Raspberry Pi, which would make the whole thing very amateur.

  • Re:This article is not about Raspberry Pi... (Score:5, Interesting)

    by Anonymous Coward on Friday March 15, 2013 @10:51PM (#43188369)

    One approach we've seen on attacks on us, i.e. drives people find in the parking lot, is that the device appears as a composite device. Part of it shows up as an almost empty USB drive with a couple of innocuous Word documents, as long as you don't show hidden files and directories. However, the second and third parts are HID, when idle for too long, the new keyboard will try to do windows key+R -> "iexplore malwaresite". They also do other attacks using that means of access of a combination USB drive, keyboard and mouse.

Slashdot Top Deals

If all else fails, lower your standards.

Close