Posted on 02/02/2012 11:10:30 AM PST by alancarp
"...security researcher Brendan OConnor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer thats so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars.
At the Shmoocon security conference Friday in Washington D.C., OConnor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5 by 4 by 1 inch spy computer. And OConnor has designed the cheap gadgets to dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wifi network."
(Excerpt) Read more at forbes.com ...
Regardless, it's worth posting just for its name (emphasis was added to the excerpt).
This shirts for you for posting
ping?
If you’re interested in this type of thing, read, “Spycraft: The history of the CIA’s Spytech”. Makes you proud to be an American and respectful of what the Agency’s folks did to protect us during the Cold War.
As a matter of fact, I do have that... in a box someplace...
I’m not calling complete BS on this, but the article is long on talk and short on specifics.
The only PogoPlug for $25 on Amazon is a media sharing device that puts a hard drive on ethernet. It has no wi-fi. And even if it did, wi-fi is notoriously power hungry and not suitable for much more than a few hours operation when operated from batteries.
Even if it used wi-fi, these devices would be discoverable. On wired ethernet, the concept is silly.
There are many more suitable technologies, such as 802.15.4, ZigBee, and proprietary mesh sensor networks that can operate for years due to a more efficient communications protocol and time synchronization that allows the node to ‘sleep’ not of the time.
I applaud ingenuity and hackers have made great contributions, but I don’t think this is one of ‘em.
But the idea of throwaway mass-distributed monitoring devices is real, and certainly nothing new. Google “smart dust” for more info. This is like a stone ax by comparison.
What made me connect the two ideas was a concept they tried during the Cold War. Two targets always sat in a fenced courtyard on the same bench talking business, so there was no chance of being overheard with a bug. The Agency developed a round that could be fired into a tree right about the two. The slug had a tiny transmitter and hair sized antenna. They made the shot but the bark was too rough and wouldn’t serve as a flat plane well enough to pickup the conversation. Some operations were successful and some not. This one was not. It is worth noting a number of Russian citizens who gave there lives in support of our goals against the Soviet Union.
I doubt this.
A snooper like this would need to penetrate WPA2 or better wi-fi, and it takes hours to confirm and crack basic WEP. I also doubt that, after a crack, that the computer being leeched off of couldn’t easily detect a wi-fi signal.
Yup, that's what I thought, too.
The article does say that the WiFi was added, and the battery life was only a few hours. But, they do suggest other ways to conceal it, such as in a carbon monoxide detector. That could be powered.
Even if it used wi-fi, these devices would be discoverable. On wired ethernet, the concept is silly.
It depends on the WiFi network it uses to upload. I've worked in a few places where the coverage was really dense, like downtown. If there's a hotel next door, it wouldn't be difficult to piggyback on their WiFi. You could even set up your own connection from outside with a high-gain direction antenna. Unless someone were monitoring signal strengths, they'd never notice.
But, connecting to the target network is the fastest way to be discovered, if it's possible at all. When I've seen a company wireless network, it is usually OUTSIDE the company firewall. In other words, it's treated as if it is the public Internet, and users have to then use their VPN to connect past the firewall.
A snooper like this would need to penetrate WPA2 or better wi-fi, and it takes hours to confirm and crack basic WEP.
WEP is much easier to break than that: A team at the Technische Universität Darmstadt said that they can [crack a WEP key] with a 95 percent probability of success in as little as two minutes using a 1.7GHz Pentium-M machine to do the calculations. But, only the foolish are still using WEP.
There are still small businesses and homes using WEP (or no encryption at all). But, there's not much you can get from that.
>>WEP is much easier to break than that: A team at the Technische Universität Darmstadt said that they can [crack a WEP key] with a 95 percent probability of success in as little as two minutes using a 1.7GHz Pentium-M machine to do the calculations. But, only the foolish are still using WEP.
>>There are still small businesses and homes using WEP (or no encryption at all). But, there’s not much you can get from that.
Thanks for the update. I’ve used Backtrack to play with WEP cracking and it took a while. Of course, it was only Backtrack. I could see hacking around their network and backdooring with outside wifi, but then why not just hack them externally? Leech off of a McDonald’s or Starbucks wifi connection and boom, same effect. I just cant see people cracking WPA2 and then backdoor cracking.
Better to put a trojan on a big boobs site and wait until an employee d/ls it.
I get out my shotgun if I see one of them flying around my house.
Using a small embedded system device installed inside a computer keyboard to capture passwords and sending the information via the net is probably routinely done by spies both public and private.
So, where are most keyboards *made* nowadays, anyway?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.