The presence of IoT devices in our lives is getting more and more visible each day. Once planted on a target network, the device will create an SSH encrypted tunnel that would enable an external attacker to send and receive data, including malicious payloads, to the target network.Please login or Register to access downloadables This tutorial shows how even a technically unsophisticated hacker could disguise a wi-fi enabled Raspberry Pi device inside a standard laptop power cord. The small form factor for Raspberry Pi devices make them ideal for the most straight-forward kind of hacking tool: the rogue device or Trojan horse. The CIDS developed by LMG was able to detect and alert on command and control traffic sent to a nearby infected mobile device.
Researchers from LMG Security showed how to make a low-cost cellular intrusion detection system using a Verizon Samsung Femtocell and the SNORT open-source intrusion detection software. Fortunately, fighting back against attacks transmitted over cellular networks doesn't have to be costly.
The folks at Icarus labs tapped the Raspberry Pi platform to build just such a system as a proof of concept, and say make a high-powered scanner that leverages 44 separate AV engines to interrogate portable media.Ĭellular intrusion detection system (CIDS)Īs far back as DEFCON 20, security experts demonstrated how so-called "Evil Twin" attacks that are common in the Wi-Fi world can be ported to GSM networks used by cellular phones, while existing network security tools can't inspect cell traffic. How do you figure if a given USB device you want to use is infected? One easy way is a portable scanner that you can plug the portable device into prior to using it. With the spread of inexpensive, high capacity portable drives, malware can easily jump over "air gaps" that separate stand alone devices like PCs, servers and embedded systems from malware-prone network- and Internet connected systems. Malware isn't just for Internet connected devices. Bluetooth and wireless connectivity mean the device can be remotely controlled once deployed on a target network. Their software, released under the GNU public license, was built on DEBIAN and compiles a small arsenal of common pen testing tools including netcat, wireshark, kismet, cryptcat and others. In May, the folks over at Pwnie Express made that a lot easier, releasing Raspberry Pwn, an open source tool that lets enthusiasts turn their Raspberry Pi into a penetration testing and audit tool.
While commercial tools exist from companies like Core Security and Immunity, most professionals still roll their own tools, often using a combination of proprietary and open source tools. Penetration testing is something of a dark art.
The folks at Lifehacker have a great tutorial on making your Raspberry Pi VPN by combining the minicomputer hardware with free and open source software (Hamachi from LogMeIn for the VPN and Privoxy for a web browsing proxy). With its small size and low power consumption, the Raspberry Pi platform makes a great choice for a portable VPN you can stick in your laptop bag for use on the road, or to protect always on connections like your home network. These days even the most casual web surfer on Starbucks free Wi-Fi needs one. Virtual private network (VPN) software used to be reserved for government employees and folks who worked for security conscious corporations.