The Raspberry Pi experiment revealed the truth about the security of corporate networks
Researchers from Kaspersky Lab examined publicly available hardware and software tools for capturing passwords and concluded that a person with basic programming knowledge can build a powerful hacking tool within a few hours for only about PLN 100. The experiment used a USB device based on the Raspberry Pi minicomputer, which was configured in a specific way and did not contain any malware. Equipped with it, the researchers were able to covertly collect user credentials from a corporate network at a rate of 50 passwords per hour.
The research was inspired by a real story: in another investigation in which Kaspersky Lab experts participated, an insider (a cleaning company worker) used a USB stick to infect a workstation in the targeted organization with malicious software.
After hearing this story, security enthusiasts from Kaspersky Lab began to wonder what else spies could use to break into the network. Can this be done without using any malware?
Raspberry Pi as a hacking tool
The researchers took a Raspberry Pi minicomputer, configured it to present itself as an Ethernet adapter, made additional configuration changes in its operating system, and installed several publicly available tools for packet capture as well as data collection and processing. Finally, they set up a server to receive the captured data. The device was then connected to the target machine and automatically began sending captured credentials to the server. This was possible because the operating system on the affected computer identified the connected Raspberry Pi as a wired network (LAN) adapter, automatically assigned it a higher priority than the other available network connections and, more importantly, gave it access to data exchanged on the network.
What's more, because the attack scenario allowed the captured data to be sent over the network in real time, the longer the device stayed connected to the PC, the more data it could collect and send to the remote server. In just half an hour of the experiment, the researchers collected nearly 30 password hashes sent through the attacked network. It is not difficult to imagine how much data could be collected in a single day. In the worst case, the domain administrator's credentials could be intercepted as well. For this to happen, the administrator would have to log in to their account while the device was connected to one of the PCs inside the domain.
The potential attack surface for this method of data capture is large: the experiment was reproduced on both locked and unlocked computers running Windows and macOS. The researchers were unable to reproduce the attack on Linux-based devices.
Although the attack does not capture the passwords themselves, only their hashes (the result of processing the plaintext password with a specific algorithm), these hashes can be cracked to recover the original passwords.
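A defender can check a Windows host for the condition described above, a USB-attached adapter that outranks the regular network connection. The following is an added example, not code from the Kaspersky Lab research; it assumes the built-in NetAdapter and NetTCPIP PowerShell modules and treats a `USB\` PnP device ID as the marker of a USB-attached adapter.

```powershell
# Added example (not from the original research): flag USB-attached network
# adapters whose IPv4 interface metric ranks them at or above the best
# non-USB adapter. On Windows a LOWER metric means a HIGHER priority.
# Assumption: USB-attached adapters report a PnPDeviceID starting with "USB\".
# Legitimate USB docks and dongles match too, so review each hit.

$rows = foreach ($a in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $ip = Get-NetIPInterface -InterfaceIndex $a.ifIndex -AddressFamily IPv4 `
                             -ErrorAction SilentlyContinue
    if (-not $ip) { continue }            # adapter has no IPv4 binding
    [pscustomobject]@{
        Name        = $a.Name
        Description = $a.InterfaceDescription
        PnpId       = $a.PnPDeviceID
        IsUsb       = $a.PnPDeviceID -like 'USB\*'
        Metric      = $ip.InterfaceMetric
    }
}

# Best-ranked adapter that is not USB-attached (on-board LAN, Wi-Fi, ...).
$bestOther = $rows | Where-Object { -not $_.IsUsb } |
             Sort-Object Metric | Select-Object -First 1

# A USB adapter is reported when it is the only connected adapter or when
# its metric is at least as favourable as the best non-USB adapter's.
$suspect = $rows | Where-Object {
    $_.IsUsb -and ($null -eq $bestOther -or $_.Metric -le $bestOther.Metric)
}

if ($suspect) {
    Write-Warning 'USB network adapter(s) ranked at or above the regular connection:'
    $suspect | Format-Table Name, Description, Metric, PnpId -AutoSize
} else {
    Write-Output 'No USB-attached adapter outranks the regular connection.'
}
```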