
The Perfect Hardware Spy Tool for $35 Plus Change

A new computer espionage tool built on the $35 Raspberry Pi microcomputer has been detailed in a presentation at this year’s Black Hat conference in Amsterdam. This highly advanced hardware keylogger is small enough to fit into a laptop docking station and powerful enough to intercept keystrokes, sniff network traffic, take screenshots, and more.

The Raspberry Pi is a credit card-sized computer with a 700 MHz ARM processor and 512 MB of RAM – enough to run its own operating system – and is equipped with two USB ports, an Ethernet connection, HDMI and an array of general-purpose ports.

As detailed in the presentation by Andy Davis, the Dell docking station for the Latitude E series of laptops provides enough room to fit the Raspberry Pi microcomputer along with the cables and, possibly, a 3G modem that will be used to siphon stolen data. Sending the data over the modem ensures the rogue network traffic does not get detected or blocked in the company network. Screenshots and unauthorized video camera captures can be recorded on a third device such as Videoghost, although this will add some $150 extra to expenses.

Building a Pi-based spy tool is not as simple as plugging a readily available keylogger into a target system: it requires some basic skills such as identifying the dock’s internal ports and soldering a couple of wires to connect the Raspberry Pi. However, once built, this setup runs completely transparently, is immune to antivirus solutions and relies on its own 3G connection to send the stolen data or to process incoming malicious requests.

So, next time you leave for your lunch break, make sure you don’t leave your laptop’s docking station unattended. If this is not an option, use an antitheft lock to strap the docking station to your desk.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

