Malicious Raspberry Pi power strip looks a bit scary

What you see here is a Raspberry Pi shoehorned into a power strip. The idea is to leverage the power and low cost of this board to build a stealthy network observation device. It packs a punch similar to the Power Pwn but should cost at least $1100 less!

The fact that when you plug your Ethernet into this ‘surge protector’ it starts sniffing your traffic doesn’t really scare us. It’s the mains wiring that traverses the RPi itself that’s a bit unnerving. Call us overly-protective, but we like to see some shielding between our high-voltage and low-voltage components. But that aside, the rest of the hack is pretty solid. That item wrapped in electrical tape is a power converter for the board itself. It’s not shown here, but the NIC is patched into the surge protector’s RJ-45 connector. The one thing that might be nice to include is a WiFi nub so that you can access the strip wirelessly. This would open the door for other snooping items, like a small microphone.

Comments

  1. deadlyfoez says:

    Really bad idea to not have that better protected and shielded.

    • Troels says:

      I really fail to see the problem. If you reach voltages high enough to arc through electrical tape on your mains, you’re having bigger problems than your RasPi being toast.

  2. mohonri says:

    Unless you’re expecting lots of heavy EMI from your A/C line, there’s not too much to worry about there. If your meaning is that you’d like to see more *insulation*, then you definitely have a point. I don’t trust (my skills with) electrical tape that far. Heatshrink is better.

  3. slincolne says:

    This is somewhat pointless. If you look at it you’ll see that the PI is not actually connected to anything but a power supply. It can’t do anything and you can’t interact with it.

  4. sdds says:

    “Call us overly-protective, but we like to see some shielding between our high-voltage and low-voltage components”

    You mean like…the two layers of insulation on the power cable?

  5. roboman2444 says:

    it really needs a wifi module, so it can access wifi networks and sniff those too.

  6. mosheen says:

    The board has plenty of distance from the 120v lines. The only slightly alarming item is the cat5 running near the rail, but it has 600v insulation on it.

  7. Matthew Rogan says:

    WiFi is unnecessary if your target network has internet. Plus, with a basic knowledge of Cisco you can do a fair amount.

    There was a post a while ago with a talk that showed layer 2 exploits where, if you spam a switch with MAC addresses, it will turn itself into a hub. Then you can just request a DHCP address from the local network and, using their internet, send the intercepted data back to your server. You could even do this by using a secured IPv6 tunnel, which would be tunneled from both sides, and your end address would be obscured, especially if you keep hopping on each transmission to a different IPv6 tunnel server to transmit back.

    This would essentially give you full access to any unencrypted traffic on a network and the ability to relatively hide your transmission of data back, although I would find it unkind to do this to an IPv6 tunnel broker.

    But setting a VLAN for a couple of ports on a Cisco switch up beforehand to have MAC address learning disabled, to turn it into a hub for your target and the Pi, would be MUCH less noticeable, because if the switch became a hub you would have massive network slowdowns from frame collisions and the fastest speed would be at 100baseT of the Pi. If there is a slowdown, technicians will tear out anything unnecessary to try to find an accidental loopback.

    Although it would be more difficult to program your Pi to automatically attempt to hack a Cisco switch. People ignore the security switches can provide too often, I find. And you could just try defaults or common passwords for it; the hard part is finding out the IP for the switch, which could be done through the router with network monitoring protocols.
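
Added example (not part of the original post or any commenter's words): the MAC-address flooding described in comment 7 shows up on the switch as one port suddenly sourcing many distinct MAC addresses, which is what a per-port MAC limit keys on. The sketch below detects that from frame observations; the port names, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque


def sample_frames():
    """Constructed observations: (seconds, switch_port, source_mac)."""
    frames = [(0.0, "Gi0/1", "00:11:22:33:44:55"),
              (0.5, "Gi0/2", "00:11:22:33:44:66")]
    for i in range(200):
        # Port Gi0/7 sources 200 distinct MACs within two seconds.
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        frames.append((1.0 + i * 0.01, "Gi0/7", mac))
        # A busy but normal host on Gi0/1 keeps re-using a single MAC.
        frames.append((1.0 + i * 0.01, "Gi0/1", "00:11:22:33:44:55"))
    return sorted(frames)


def detect_mac_flood(frames, window=5.0, max_macs=16):
    """Return {port: first_alert_time} for every port whose number of
    distinct source MACs inside a sliding `window` (seconds) exceeds
    `max_macs`. Frames must be ordered by timestamp."""
    recent = defaultdict(deque)                      # port -> (ts, mac) queue
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> frames
    alerts = {}
    for ts, port, mac in frames:
        queue, seen = recent[port], counts[port]
        queue.append((ts, mac))
        seen[mac] += 1
        # Age out observations that fell out of the window, so a port
        # that slowly churns through devices is not flagged.
        while queue and ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_macs and port not in alerts:
            alerts[port] = ts
    return alerts


if __name__ == "__main__":
    for port, ts in detect_mac_flood(sample_frames()).items():
        print("possible MAC flood on %s at t=%.2fs" % (port, ts))
```

The threshold plays the same role as a maximum-MAC-addresses setting in a switch's port security feature: an access port serving one wall jack has no reason to source dozens of addresses.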

  8. cgmark says:

    That project is a good way to destroy a pi, the strip, and whatever network is attached.

    The problem isn’t so much the taped connections, though that isn’t good either. It is the USB connector lying between the hot sockets. If it comes unplugged or moves, look out.

    • Ren says:

      I’ve seen the solder “tit” work through electrical tape over time. Especially if excess wire/solder was trimmed off after soldering giving it a sharp edge/point.

  9. jordan says:

    Looks like they didn’t secure the raspi within the case. It should be glued or somehow tied down so it won’t move and possibly short anything out. Plus it’ll rattle around when people move the unit which may raise suspicions. The rest of it looks fine for insulation.

    What happened to the days of repairing frayed cords with duct tape where nobody would bat an eyelash? Post something online that’s good enough for the creator to use just fine but not quite up to infant-safe standards and everyone starts whinging.

  10. DaveO says:

    Of course the real danger is actually a power surge or lightning strike…

  11. TacticalNinja says:

    Or they could cover the pi in its original anti-static bag and place it under a nice layer of foam (which would act as a layer to help keep the heavy wiring from touching the RPi further, and help keep the RPi secure from moving).

    • TacticalNinja says:

      Also, in their current set-up, I don’t really see any real danger other than EMI, and probably static build-up on the thick wire insulation and casing. As long as they secure the RPi from moving inside, it won’t have the risk of getting shocked directly. And with a bit of bad luck, a spark (usually from plugging laptop chargers) can jump on the RPi, and probably short the PCB.

    • Ren says:

      I don’t think the ESD bag would be a good idea, it is conductive on the inside, possibly shorting out the Raspi.

  12. Westfw says:

    So does this even work as an Ethernet snoop? You can’t normally connect three rj jacks in parallel (device, switch, rpi) and have the rpi sniff on traffic in either direction, can you?

    • zokier says:

      No, I don’t think this would work as a network sniffer like it’s cabled now. Disconnect the TX pair so that raspi is only capable of receiving and it could work (assuming that the ethernet controller on rpi isn’t complete crap).

      • Ren says:

        With TX disconnected, you would need to physically recover the device to retrieve the info. If the hack had already been discovered, they may be waiting for you. With the TX attached, it could download to someplace “in the cloud” for retrieval.

      • Ren says:

        As a network sniffer, it would only pick up the traffic intended for the device that is plugged into it, if the network is routed instead of hubbed.

  13. M4CGYV3R says:

    Don’t they have SD cards with WiFi functionality now? Just use one of those.

    • Fritoeata says:

      I believe that your pi would be running sans OS… This would be bad.
      …unless of course you also boot from thumb drive, but then we’re getting into more $$ for the SD-wifi setup.

  14. pff says:

    Do people actually use ethernet surge protectors?
    It’s arguably useful on a telephone line, but unless you have network cables strewn across your roof why would you use this?

    I certainly didn’t get the same impression from the article as you seem to have, doesn’t seem to be much traffic sniffing going on here anyway especially connected the way it is.

    I think you should be more concerned about the lack of strain relief on the cable due to the coax connector being in the way. solder is not a suitable mechanical connection.

    • Ren says:

      I’ve seen a number of surge protectors on the Clearance table in a few stores. An attached note said something to the effect that phone/ethernet connections were “noisy”.

  15. I notice there is no strain relief, and in later pictures nothing stopping the cord from moving in and out besides maybe friction. Very unlikely, but in the event of a bad solder joint, a good yank could pull the cord free to spew about with 120v as it pleases inside the case. I don’t think that would ever happen, but as a semi-paranoid it makes me nervous.

  16. darksim905 says:

    Keep an eye on their site for more projects and/or updates. I’m sure they are going to do updates and will have a better version of this in the future. Keep in mind they just wanted to see if they could do it, and get something cheaper than the Pwnplug type pentesting devices. *shrug*

  17. One time I had a colony of ants build up inside an APC UPS. Every day, the system would make a little popping sound, then switch to battery inversion for about two seconds, then switch back to mains. For the longest time I was baffled.

    Then one day I noticed some ants making a trail and investigated. It was crazy how many ants were living inside it. Apparently, every once in a while an ant would come too close to crossing the AC wires and the power would short through it, killing the ant instantly and causing the protection circuit to put it on battery.

    I find myself wondering if a similar ant infestation would destroy the RasPi.
