Malicious Raspberry Pi power strip looks a bit scary

What you see here is a Raspberry Pi shoehorned into a power strip. The idea is to leverage the power and low cost of this board in a stealthy network observation device. It packs a punch similar to the Power Pwn but should cost at least $1100 less!

The fact that when you plug your Ethernet into this ‘surge protector’ it starts sniffing your traffic doesn’t really scare us. It’s the mains wiring that traverses the RPi itself that’s a bit unnerving. Call us overly-protective, but we like to see some shielding between our high-voltage and low-voltage components. But that aside, the rest of the hack is pretty solid. That item wrapped in electrical tape is a power converter for the board itself. It’s not shown here, but the NIC is patched into the surge protector’s RJ-45 connector. The one thing that might be nice to include is a WiFi nub so that you can access the strip wirelessly. This would open the door for other snooping items, like a small microphone.

    1. I really fail to see the problem. If you reach voltages high enough to arc through electrical tape on your mains, you’re having bigger problems than your RasPi being toast.

  1. Unless you’re expecting lots of heavy EMI from your A/C line, there’s not too much worry about there. If your meaning is that you’d like to see more *insulation*, then you definitely have a point. I don’t trust (my skills with) electrical tape that far. Heatshrink is better.

  2. This is somewhat pointless. If you look at it you’ll see that the Pi is not actually connected to anything but a power supply. It can’t do anything and you can’t interact with it.

  3. “Call us overly-protective, but we like to see some shielding between our high-voltage and low-voltage components”

    You mean like…the two layers of insulation on the power cable?

  4. WiFi is unnecessary if your target network has internet. Plus, with a basic knowledge of Cisco you can do a fair amount.

    There was a post a while ago with a talk that showed layer 2 exploits where, if you spam a switch with MAC addresses, it will turn itself into a hub. Then you can just request a DHCP address from the local network and send the intercepted data back to your server using their internet. You could even do this by using a secured IPv6 tunnel, which would be tunneled from both sides, and your end address would be obscured, especially if you keep hopping on each transmission to a different IPv6 tunnel server to transmit back.

    This would essentially give you full access to any unencrypted traffic on a network and the ability to relatively hide your transmission of data back, although I would find it unkind to do this to an IPv6 tunnel broker.

    But setting up a VLAN for a couple of ports on a Cisco switch beforehand, with MAC address learning disabled to turn it into a hub for your target and the Pi, would be MUCH less noticeable, because if the switch became a hub you would have massive network slowdowns from frame collisions and the fastest speed would be at the 100baseT of the Pi. If there is a slowdown, technicians will tear out anything unnecessary to try to find an accidental loopback.

    Although it would be more difficult to program your Pi to automatically attempt to hack a Cisco switch. People ignore the security switches can provide too often, I find. And you could just try defaults or common passwords for it; the hard part is finding out the IP for the switch, which could be done through the router with network monitoring protocols.
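The MAC-flooding behaviour described in the comment above is detectable from the switch side, because one access port suddenly sources far more addresses than any real host would. The following is an added example, not part of the original post or comments: a sliding-window detector over constructed `(timestamp, port, source MAC)` records. The record format, port names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def detect_mac_flood(events, window=10.0, max_macs=8):
    """Return {port: time of first alert} for every port that sourced more
    than max_macs distinct MAC addresses within `window` seconds."""
    recent = defaultdict(deque)                      # port -> (ts, mac) in window
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> frames in window
    alerts = {}
    for ts, port, mac in sorted(events):
        q = recent[port]
        q.append((ts, mac))
        counts[port][mac] += 1
        # Evict records that have fallen out of the window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            counts[port][old] -= 1
            if counts[port][old] == 0:
                del counts[port][old]
        if len(counts[port]) > max_macs and port not in alerts:
            alerts[port] = ts
    return alerts

def sample_events():
    """Constructed input: two ordinary ports and one flooding port."""
    events = []
    for i in range(30):
        # Gi0/2: a single workstation.
        events.append((float(i), "Gi0/2", "00:11:22:33:44:55"))
        # Gi0/3: three hosts behind a small desktop switch.
        events.append((float(i), "Gi0/3", "00:11:22:33:44:%02x" % (0x60 + i % 3)))
    for i in range(200):
        # Gi0/7: 200 never-before-seen source addresses in two seconds.
        events.append((12.0 + i * 0.01, "Gi0/7",
                       "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)))
    return events

if __name__ == "__main__":
    for port, ts in detect_mac_flood(sample_events()).items():
        print("possible MAC flood on %s at t=%.2fs" % (port, ts))
```

A per-port MAC address limit (port security on managed switches) enforces the same bound in the switch itself, so the flooding port is restricted or shut down instead of the CAM table filling.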

  5. That project is a good way to destroy a Pi, the strip, and whatever network is attached.

    The problem isn’t so much the taped connections, though that isn’t good either. It is the USB connector lying between the hot sockets. If it comes unplugged or moves, look out.

  6. Looks like they didn’t secure the raspi within the case. It should be glued or somehow tied down so it won’t move and possibly short anything out. Plus it’ll rattle around when people move the unit which may raise suspicions. The rest of it looks fine for insulation.

    What happened to the days of repairing frayed cords with duct tape where nobody would bat an eyelash? Post something online that’s good enough for the creator to use just fine but not quite up to infant-safe standards and everyone starts whinging.

  7. Or they could cover the Pi in its original anti-static bag and place it under a nice layer of foam (which would act as a layer to help keep the heavy wiring from touching the RPi further, and help keep the RPi secure from moving).

    1. Also, in their current set-up, I don’t really see any real danger other than EMI, and probably static build-up on the thick wire insulation and casing. As long as they secure the RPi from moving inside, it won’t have the risk of getting shocked directly. And with a bit of bad luck, a spark (usually from plugging in laptop chargers) can jump onto the RPi, and probably short the PCB.

  8. So does this even work as an Ethernet snoop? You can’t normally connect three rj jacks in parallel (device, switch, rpi) and have the rpi sniff on traffic in either direction, can you?

    1. No, I don’t think this would work as a network sniffer the way it’s cabled now. Disconnect the TX pair so that the RasPi is only capable of receiving and it could work (assuming that the Ethernet controller on the RPi isn’t complete crap).

      1. With TX disconnected, you would need to physically recover the device to retrieve the info. If the hack had already been discovered, they may be waiting for you. With the TX attached, it could download to someplace “in the cloud” for retrieval.

    1. I believe that your pi would be running sans OS… This would be bad.
      …unless of course you also boot from thumb drive, but then we’re getting into more $$ for the SD-wifi setup.

  9. Do people actually use ethernet surge protectors?
    It’s arguably useful on a telephone line, but unless you have network cables strewn across your roof why would you use this?

    I certainly didn’t get the same impression from the article as you seem to have, doesn’t seem to be much traffic sniffing going on here anyway especially connected the way it is.

    I think you should be more concerned about the lack of strain relief on the cable due to the coax connector being in the way. Solder is not a suitable mechanical connection.

    1. I’ve seen a number of surge protectors on the clearance table in a few stores. An attached note said something to the effect that phone/Ethernet connections were “noisy”.

  10. I notice there is no strain relief, and in later pictures nothing stopping the cord from moving in and out besides maybe friction. Very unlikely, but in the event of a bad solder joint, a good yank could pull the cord free to spew about with 120 V as it pleases inside the case. I don’t think that would ever happen, but as a semi-paranoid it makes me nervous.

  11. Keep an eye on their site for more projects and/or updates. I’m sure they are going to do updates and will have a better version of this in the future. Keep in mind they just wanted to see if they could do it, and get something cheaper than the Pwnplug type pentesting devices. *shrug*

  12. One time I had a colony of ants build up inside an APC UPS. Every day, the system would make a little popping sound, then switch to battery inversion for about two seconds, then switch back to mains. For the longest time I was baffled.

    Then one day I noticed some ants making a trail and investigated. It was crazy how many ants were living inside it. Apparently, every once in a while an ant would come too close to crossing the AC wires and the power would short through it, killing the ant instantly and causing the protection circuit to put it on battery.

    I find myself wondering if a similar ant infestation would destroy the RasPi.

