The Raspberry Pi is fascinating a diverse set of people – from technophiles,
to security researchers, to security practitioners, to Penetration Testers, to
adventurers, to problem solvers, to kids, and to bad guys too. This Raspberry Pi is a lot like Lego – you
can literally build anything, do anything, with this affordable and diminutive
device. Unlike the smart phone, the Pi is basically disposable.
Tiny is the Pi’s power. Its size and unexpected power makes it
interesting. Applications for the Pi
seem to be limited only by your imagination.
You can plant the Pi behind a power junction switch, put it in a
Dell power brick, put it in a FedEx delivery envelope or put it on a drone –
it’s also a great platform for remote attacks.
You can use it to send covert signals to nearby receivers using specific
frequencies, and it’s so small it’s virtually invisible.
The Pi can support a camera, drive your TV video display, sense temperature and GPS location and even sense the opening and closing of doors. This little critter can be programmed to really freak people out, by providing you all this information remotely.
OK, back to task! Branden
Williams presented at the Austin OWASP chapter on 4/29/14, sharing his
enthusiasm about the Raspberry Pi and its applications in security. As
Branden pointed out, the $35 Raspberry Pi is a full computer – the size of an
Altoid tin and basically disposable given its price point.
There was an in-person audience of about 50, and some online
viewers. One of the first things
Branden asked of the audience was "Who is a ham radio operator?"
Amazingly, there were about 8 in the audience that were. High
percentage. Let's think about why this might be the case.
Security people understand some things quite well: they favor the path
the attacker will ignore, or be unable to attack successfully. Security people think about things like minimizing
attack surfaces. They are aware that attackers
care about ROI and attack targets of value. Ham radio appeals to the
OWASP audience for these and other reasons.
Branden’s slides are here
For another example of the cool things the Pi can do: here’s a
whitepaper Branden provided me that tells you how
to configure and run a Raspberry Pi for Wireless Analysis.
Used to be, it was hard to acquire a Raspberry Pi. No more. Look on Amazon, there are some really nice
kits with everything you need, for less than a dinner for two.