Camouflaged with Size: A Case Study of Espionage using Acquirable Single-Board Computers
This work highlights a significant security vulnerability for organizations, as traditional physical security measures may fail to detect these small devices, posing risks of data breaches and espionage.
The study demonstrated that single-board computers like Raspberry Pi can be turned into espionage gadgets, enabling attackers to gain unauthorized network access and data through short-term physical access, with successful experimental deployment in two real-world networks.
Single-Board Computers (SBC) refer to pocket-sized computers built on a single circuit board. A number of studies have explored the use of these highly popular devices in a variety of domains, including military, agriculture, healthcare, and more. However, no attempt was made to signify possible security risks that misuse of these devices may bring to organizations. In this study, we perform a series of experiments to validate the possibility of using SBCs as an espionage gadget. We show how an attacker can turn a Raspberry Pi device to an attacking gadget and benefit from short-term physical access to attach the gadget to the network in order to access unauthorized data or perform other malicious activities. We then provide experimental results of placing such tools in two real-world networks. Given the small size of SBCs, traditional physical security measures deployed in organizations may not be sufficient to detect and restrict the entrance of SBCs to their premises. Therefore, we reiterate possible directions for network administrators to deploy defensive mechanisms for detecting and preventing such attacks.