Rogue network devices could be more common than one might think #RaspberryPi #PwnPlug

A while back, I wrote about devices that could be used on a network to gain access, be deployed by just about anyone, and potentially be undetected by IT staff or employees of a business. Here’s a follow-up.

Recently I have been playing around with a $35 microcomputer called the Raspberry Pi. This lil’ pup of a computer is tiny; it’s too big to fit in an Altoids tin, but it’s still small. It features an Ethernet port, composite video, HDMI digital video/audio, analog audio, a pair of USB ports, an SD card slot and I/O pins. It also consumes very little power, so it could be battery powered if so desired (though unfortunately not PoE, Power over Ethernet, yet).

At first I just loaded a Linux build and oooohed and ahhhed; next I loaded a few different tools, turning it into the typical things others have: a media player that could play HD video (720p) on a TV, streaming just about anything you could want, and even letting you browse the web from your couch. Okay, yippie… I started looking at other people’s projects online for ideas of what to do next because, like Hollywood, I was fresh out of new ideas.

I turned it into a ham radio interface to decode PSK, SSTV, CW and other digital modes, and then grew bored with that since I didn’t have a radio to play with in our office.

Oh, and I made it a video test pattern generator for composite and HDMI.  Yippie…

Somewhere in there, I said to one of the guys who works with me that it would make a cool network tool. So in a matter of minutes, it became something akin to a Pwn Plug (mentioned in the link above).

It was at that moment that I realized the true vulnerability of just about any network you might come across.  If the IT administrator has not locked down their network well, this device will indeed be their worst nightmare.

Here’s the basic functionality of the thing, let’s call it the “HackPack” for lack of a better term. You plug it into power and then plug a network cable into an available network jack (or into the pass-through port on an IP phone, etc.), or optionally use a USB Wi-Fi adapter if they have an open wireless network. Once it has booted, it grabs an IP address through DHCP and is now an active device on the network.

The next thing it does is “phone home” and connect to my server via an encrypted VPN tunnel. Once it has tunneled in, I have full control over it. I can run any Linux tool I can load onto it, from strobe (a port and IP address scanner) to flooding tools used in denial-of-service attacks.

In essence, I have a machine on the remote network, which lets me act as if I were there. I can browse the web (yes, via a proxy, using MY desktop browser), download from sites, and send email, all from the remote site’s IP address. Or something much more sinister could be done: using it to brute-force a password on a server on the network, or, through common exploits, gain access to a server and pipe information from it back home.

The raw board of the Raspberry Pi would look suspicious if spotted, but what if it were put in a case labeled “Network Surge Protector” that plugged into 120VAC for power, had one cable going into it, and contained a common network switch? That would allow our imaginary hacker to walk in wearing service-type clothing, unplug the connection to ANY network device (computer, copier, printer), plug that device back in through the switch, and connect power. Total downtime: mere seconds.

I tell you that to tell you this: businesses that run on autopilot, without so much as a professional IT service tech setting foot on the premises or using remote/managed network monitoring tools, stand little to no chance of ever finding it.

For companies with a larger infrastructure, we often deploy tools that alert us to new devices plugged into the network. We can do that for your business or company as well. Even if you have full-time IT staff, a second set of eyes, or implementing managed services and remote monitoring, could potentially help catch the “HackPack” before it did any damage.
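As an added illustration of the kind of “new device” alerting just described (this is example code written for this post, not the monitoring tooling the author’s company deploys), the script below checks two data sources a defender usually already has: the DHCP server’s lease file and a snapshot of the access switch’s MAC address table. It flags any MAC that is not in an approved-device inventory, any MAC whose OUI is on a watchlist (B8:27:EB is the Raspberry Pi Foundation’s registered OUI; the watchlist itself is hypothetical), and any access port that suddenly learns more than one MAC, which is exactly what the inline “surge protector” switch trick from earlier in the post looks like to the upstream switch. The inventory, lease lines and port tables are all constructed sample data; the lease format mimics dnsmasq’s leases file.

```python
"""Flag unexpected devices from DHCP leases and switch MAC-table snapshots (example)."""
from dataclasses import dataclass

# Constructed sample inventory of approved devices (MAC -> description).
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:01": "reception-pc",
    "00:1a:2b:3c:4d:02": "copier-2nd-floor",
    "00:1a:2b:3c:4d:03": "ip-phone-104",
}

# Hypothetical OUI watchlist. B8:27:EB is the Raspberry Pi Foundation's OUI;
# hobby boards are cheap, so a new one on a corporate LAN deserves a look.
WATCHLIST_OUI = {"b8:27:eb": "Raspberry Pi Foundation"}

# Constructed dnsmasq-style lease lines: expiry mac ip hostname client-id
SAMPLE_LEASES = """\
1700000000 00:1a:2b:3c:4d:01 192.168.1.20 reception-pc 01:00:1a:2b:3c:4d:01
1700000000 00:1a:2b:3c:4d:02 192.168.1.21 copier 01:00:1a:2b:3c:4d:02
1700000000 b8:27:eb:11:22:33 192.168.1.77 raspberrypi 01:b8:27:eb:11:22:33
"""

# Constructed switch MAC-table snapshots: port -> MACs learned on that port.
# Baseline has one device per access port; in the current snapshot the
# copier's port now also shows a second MAC behind it.
BASELINE_PORTS = {"Gi1/0/5": {"00:1a:2b:3c:4d:01"},
                  "Gi1/0/6": {"00:1a:2b:3c:4d:02"}}
CURRENT_PORTS = {"Gi1/0/5": {"00:1a:2b:3c:4d:01"},
                 "Gi1/0/6": {"00:1a:2b:3c:4d:02", "b8:27:eb:11:22:33"}}


@dataclass(frozen=True)
class Finding:
    mac: str
    reason: str
    detail: str


def parse_leases(text):
    """Parse dnsmasq-style lease lines into dicts; skips malformed lines."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        expiry, mac, ip, hostname = parts[:4]
        leases.append({"expiry": int(expiry), "mac": mac.lower(),
                       "ip": ip, "hostname": hostname})
    return leases


def oui(mac):
    """First three octets of a colon-separated MAC, lower-cased."""
    return mac.lower()[:8]


def check_leases(leases, known=KNOWN_DEVICES):
    """Flag leases for MACs outside the inventory or with a watchlisted OUI."""
    findings = []
    for lease in leases:
        if lease["mac"] not in known:
            findings.append(Finding(lease["mac"], "unknown-mac",
                                    f"{lease['ip']} hostname={lease['hostname']}"))
        vendor = WATCHLIST_OUI.get(oui(lease["mac"]))
        if vendor:
            findings.append(Finding(lease["mac"], "watchlist-oui", vendor))
    return findings


def check_ports(baseline, current):
    """Flag MACs that appeared on a port since the baseline; a port that now
    carries more than one MAC usually means a switch was inserted inline."""
    findings = []
    for port, macs in current.items():
        new = macs - baseline.get(port, set())
        if not new:
            continue
        reason = "multiple-macs-on-access-port" if len(macs) > 1 else "new-mac-on-port"
        for mac in sorted(new):
            findings.append(Finding(mac, reason, port))
    return findings


def run(lease_text=SAMPLE_LEASES, baseline=BASELINE_PORTS, current=CURRENT_PORTS):
    """Combine both checks; returns a list of Finding records."""
    return check_leases(parse_leases(lease_text)) + check_ports(baseline, current)


if __name__ == "__main__":
    for f in run():
        print(f"{f.reason:30} {f.mac}  {f.detail}")
```

On a real network the lease text would be read from the DHCP server and the port tables pulled from the switch (SNMP or the CLI’s MAC-table output), and the baseline would be refreshed whenever a change is approved. The port check is the one worth keeping even without DHCP data: the “surge protector” case in the post never needs a lease if it sits passively inline, but the upstream switch still learns a second MAC on that port, and port security or 802.1X would refuse it outright.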

If you would like to talk about network or computer security for your Greenville / Upstate business, please call us at 864.990.4748 or use the CONTACT form above!
