Raspberry Pi as physical backdoor to office networks

Pierluigi Paganini June 22, 2013

Network security engineer “Richee” explained how to use a Raspberry Pi to realize a physical backdoor to gain remote access to an office network.

Network security engineer “Richee” published an interesting post on how to use a tiny Raspberry Pi computer to obtain physical access into a corporate network. I decided to publish this post because it gives us a lesson on security perspective, Richee has in fact used the tiny Raspberry Pi hiding it in an ordinary laptop power brick, an object very common in any office and realizing in this way a physical backdoor into the network.

Despite it is possible to detect the presence of a new device within a network, in the reality majority of network administrators don’t analyze this crucial aspect, this is also well known to the research team that in the past have sustained the development of hardware able to monitor the host network and scan it for information gathering purpose.

Raspberry Pi

DARPA and some start-up companies have already proposed in the past battery chargers or surge protectors. Just one year ago it was designed a device that look like a surge protector, but that in reality is a powerful tool to infiltrate networks allowing remote access to its machines. The device was called the Power Pwn, it’s an all in one solution that contains all necessary hacking tools used by security experts and pen-tester to exploit a network, the device is also equipped with Wi-Fi and Bluetooth adapters and give the opportunity to an attacker to control it via the cellular network thanks to a “text-to-bash” feature that lets hackers to send commands to the device using SMS messages.

PWn Plug evolution

The device makes possible to conduct a full and accurate penetration, following the comment of the CEO of Pwnie Express, Dave Porcello:

It’s a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.”

The rapid evolution of tiny computers such as The Raspberry Pi as made available a true computer in the size of a cigarette pack with obvious repercussion. Raspberry Pi uses Linux kernel-based operating systems, Raspbian, a Debian-based free operating system optimized for the Raspberry Pi hardware, it has a 700 MHz processor and also 512MB of RAM, enough to make it ideal for a wide range of application, including pen testing.

The Raspberry Pi is very cheap, a few tens of dollars to have a machine that has various connection options such as HDMI, USB ports and Ethernet. With a bit of imagination, lots of creativity and cunning an attacker could hide these devices in everyday objects and it is precisely what he did Richee that fit the Raspberry Pi into a power brick, hooked up a black Ethernet cord, and jimmied up a power supply out of a plug and a USB converter.

The hardware part was ready, the hacker has masquerade a “PC” within a power brick, but it has also worked on the software component of the object. Richee has written a simple script that will connect to server at home via SSH, in this way the Raspberry Pi gives to  the attacker access to the host network.

Raspberry Pi Script

Now let’s imagine the potential effect of a similar device used for espionage, you can object me that it is possible to do it with many other solutions and it is true, but have a Raspberry Pi in a target network as explained before could give to the attackers a various range of opportunity.

The Achilles heel of the solution presented is that laptop power bricks presents an Ethernet that could anyway be simply hidden behind a plant or a furniture. A similar solution is very devious because an attacker to gain access to an internet network and its information remaining unnoticed for a long time … Never let your guard down!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hacking, Raspberry Pi)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment