Camouflaged with Size: A Case Study of Espionage using Acquirable Single-Board Computers

Abstract

Single-Board Computers (SBC) refer to pocket-sized computers built on a single circuit board. A number of studies have explored the use of these highly popular devices in a variety of domains, including military, agriculture, healthcare, and more. However, no attempt was made to signify possible security risks that misuse of these devices may bring to organizations. In this study, we perform a series of experiments to validate the possibility of using SBCs as an espionage gadget. We show how an attacker can turn a Raspberry Pi device to an attacking gadget and benefit from short-term physical access to attach the gadget to the network in order to access unauthorized data or perform other malicious activities. We then provide experimental results of placing such tools in two real-world networks. Given the small size of SBCs, traditional physical security measures deployed in organizations may not be sufficient to detect and restrict the entrance of SBCs to their premises. Therefore, we reiterate possible directions for network administrators to deploy defensive mechanisms for detecting and preventing such attacks.