The Evolution of Rogue Devices

It was only a few years ago that, unless you happened to be involved in international espionage, worrying about an attacker infiltrating your security with a rogue device would have been bordering on paranoia. Consumer-level hardware simply wasn’t up to the task.

But today, not only are rogue devices available, they are becoming cheaper, more powerful, and harder to detect. These small devices are rapidly becoming huge threats thanks to a number of technologies making price breakthroughs.


ARM Single Board Computers

Easily one of the most important advancements in the world of rogue devices, the advent of low-cost ARM single board computers (SBC) made the idea of a consumer-level disposable computer a reality. Not only do these devices pack enough horsepower to do legitimate security work (offensively and defensively), but they are so small and cheap that they can be installed and forgotten about. There’s no need to worry about recovering an installed rogue device when it cost less than $50 and has already delivered all of the data it collected over the Internet.

A perfect example is the massively popular Raspberry Pi. For just $35, anyone who wants one can get a full-fledged Linux computer that fits in the palm of their hand. Its small size and energy efficiency make it easy to hide and, combined with commonly available software, make it an ideal “set and forget” rogue device.

Newer devices promise to be even smaller and more powerful than the Raspberry Pi, some now going as far as to pack in multi-core processors. These devices will soon have the processing power to handle tasks which currently may be too resource intensive to perform on-site, increasing their already considerable threat.


Hobby Microcontrollers

Compared to a microcontroller, even the most diminutive of the ARM boards is a behemoth. Microcontrollers are still computers in the technical sense, but they are effectively only powerful enough to perform a single task. Even so, the security implications of these devices cannot be overstated.

If low-cost ARM boards have a poster child in the Raspberry Pi, the world of microcontrollers is best represented by the Arduino. This tiny board is easily programmable by even novices, and has enough input and output capability (greatly expanded by add-on modules) to perform a dizzying array of tasks. With add-on modules for Ethernet and WiFi, an Arduino only needs some clever programming to turn it into a stand-alone monitoring station that could run for weeks on batteries.

However, even that may be too pedestrian to do the threat of microcontrollers justice. The Social-Engineer Toolkit (SET) now includes multiple payloads which can be easily written to commonly available microcontroller boards. For example, the board could act as a USB keyboard when plugged into a target device, rapidly entering any commands the attacker wishes with zero errors.
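The keyboard-emulation behaviour described above can also be read defensively. The following is an added example (not from the original article or from SET): a heuristic that flags a keyboard whose keystrokes arrive faster and more uniformly than a person types, with no corrections. The event format, device ids and thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median, pstdev

# Heuristic thresholds (assumptions for this example; tune per environment).
MIN_KEYS = 20            # need enough keystrokes to judge a device
MAX_MEDIAN_GAP_MS = 25   # sustained typing faster than this is not human
MAX_JITTER_MS = 5        # people vary far more than this between keys

def flag_injected_typing(events):
    """events: iterable of (timestamp_ms, device_id, key).
    Returns {device_id: reason} for devices whose typing looks scripted."""
    by_device = {}
    for ts, dev, key in sorted(events):
        by_device.setdefault(dev, []).append((ts, key))
    flagged = {}
    for dev, keys in by_device.items():
        if len(keys) < MIN_KEYS:
            continue
        gaps = [b[0] - a[0] for a, b in zip(keys, keys[1:])]
        corrections = sum(1 for _, k in keys if k == "BACKSPACE")
        med, jitter = median(gaps), pstdev(gaps)
        # "Rapidly and with zero errors": fast, uniform, never corrected.
        if med <= MAX_MEDIAN_GAP_MS and jitter <= MAX_JITTER_MS and corrections == 0:
            flagged[dev] = f"median gap {med} ms, jitter {jitter:.1f} ms, no corrections"
    return flagged

def sample_events():
    """Constructed sample data: one human-paced keyboard, one scripted one."""
    human_gaps = [140, 95, 210, 180, 120, 320, 90, 160, 230, 110, 175,
                  140, 260, 105, 190, 150, 125, 280, 135, 170, 115, 200]
    events, t = [], 0
    for i, gap in enumerate(human_gaps):
        t += gap
        events.append((t, "usb-1:kbd", "BACKSPACE" if i in (6, 15) else "a"))
    # Scripted device attached at t=10000 ms, one key every 10 ms.
    events += [(10000 + 10 * i, "usb-2:kbd", "a") for i in range(40)]
    return events

if __name__ == "__main__":
    for dev, reason in flag_injected_typing(sample_events()).items():
        print(f"suspicious keyboard {dev}: {reason}")
```

A timing heuristic like this only covers the keystroke-injection case; it complements, rather than replaces, physical inspection of attached hardware.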


3D Printing

A whole new dimension of rogue device threats has opened up with the increasing popularity, and decreasing price, of 3D printers. A sufficiently skilled attacker could use a 3D printer to create a passable facsimile of an existing fixture or appliance, thereby perfectly camouflaging a rogue device.

If it sounds far-fetched, think again. As far back as 2010, criminals were attempting to use 3D printers to create nearly undetectable ATM skimmers. Since then, desktop 3D printers have only become more capable and more available.


Staying Alert

With the increasing capability and commonality of well-hidden rogue devices, it’s never been more important to keep a close eye on your environment. Watch for hardware that looks like it’s been moved or tampered with, and don’t allow outside hardware to be brought in and installed without inspecting it first.

While it may seem like a daunting task, making it difficult for an attacker to install a rogue device is much easier than searching for one after the fact.
