Thursday, May 1, 2014

Never Underestimate the Power of the Little Raspberry Pi


The Raspberry Pi is fascinating a diverse set of people – from technophiles, to security researchers, to security practitioners, to penetration testers, to adventurers, to problem solvers, to kids, and to bad guys too. The Raspberry Pi is a lot like Lego – you can literally build anything, do anything, with this affordable and diminutive device. Unlike the smartphone, the Pi is basically disposable.
Tiny is the Pi’s power. Its size and unexpected power make it interesting. Applications for the Pi seem to be limited only by your imagination.

You can plant the Pi behind a power junction switch, put it in a Dell power brick, put it in a FedEx delivery envelope or put it on a drone – it’s also a great platform for remote attacks.  You can use it to send covert signals to nearby receivers using specific frequencies, and it’s so small it’s virtually invisible.

The Pi can support a camera, drive your TV video display, sense temperature and GPS location and even sense the opening and closing of doors. This little critter can be programmed to really freak people out, by providing you with all this information remotely.



OK, back to task!  Branden Williams presented at the Austin OWASP chapter on 4/29/14, sharing his enthusiasm about the Raspberry Pi and its applications in security.  As Branden pointed out, the $35 Raspberry Pi is a full computer – the size of an Altoid tin and basically disposable given its price point. 

There was an in-person audience of about 50, and some online viewers. One of the first things Branden asked of the audience was "Who is a ham radio operator?" Amazingly, there were about 8 in the audience who were. High percentage. Let's think about why this might be the case.

Security people understand some things quite well: they favor the path the attacker will ignore, or be unable to attack successfully.  Security people think about things like minimizing attack surfaces.  They are aware that attackers care about ROI and attack targets of value.  Ham radio appeals to the OWASP audience for these and other reasons.


Branden’s slides are here 


Used to be, it was hard to acquire a Raspberry Pi. No more. Look on Amazon: there are some really nice kits with everything you need, for less than a dinner for two.