Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":760124,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,","session":"A"}']

This tiny Raspberry Pi Trojan horse could be a cute little backdoor into your corporate network

Image Credit: http://www.tunnelsup.com

raspberry-pi-trojan-horse
You gotta love security geeks — they can make it so easy for you. At least, if you’re a black-hat hacker.

Network security engineer “Richee” posted complete details about how to make a tiny Raspberry Pi computer look like a ordinary laptop power brick — and then give himself a physical backdoor into corporate networks.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":760124,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,","session":"A"}']

Technically, the job is laughably easy.

The Pi is a tiny computer that could fit in the palm of your hand. But it’s got a 700 MHz processor, a half a gigabyte of RAM, and runs a custom version of Linux. It also has HDMI and USB ports and — critically — Ethernet. Kids, geeks, white-hat hackers, and case-modders buy the cheap $25-$35 computer and build beautiful cases for it, install apps from the Pi Store, and craft robotic bartenders with it.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

With a little soldering and gluing, Richee fit the tiny Pi into an old power brick, hooked up a black Ethernet cord, and jimmied up a power supply out of a plug and a USB converter. Voila: an inconspicuous ET-phone-home hacker’s best friend.

Of course, the software is the critical part.

With a few lines of code, Richee built a little script that will phone home to his designated server over SSH (secure shell). Once the Pi phones home, he’s got an insider’s access to the network it’s on.

Of course, Richee doesn’t have nefarious intent — it’s simply a tool for remote support. In the wrong hands, however, it could go unnoticed for weeks, if companies have lax security oversight, and offer very tempting access to ostensibly-secure data.

There is one problem, of course: Laptop power bricks don’t normally have Ethernet cords hanging from them. Richee has a solution for that:

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":760124,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,","session":"A"}']

It looks weird when you stare at it, but put it behind a plant and nobody will ever notice it (except the guy who waters the plants).

And the guy who waters the plants is unlikely to know to much about network security.

Image credits: TunnelsUP

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More