In this article we address the security risks associated with the Raspberry Pi. Whether its use is intended to be ethical or not, the device is capable of carrying out dangerous cyber attacks.
The Raspberry Pi is a small (credit-card-sized), inexpensive, portable computer that connects to real-world objects. It contains all the basics of any computer, including a processor, memory and a graphics processor. As such, it is capable of doing everything one would expect a regular computer to do, for instance browsing the internet, playing high-definition video, creating spreadsheets and word processing. With these capabilities, the Raspberry Pi was intended for ethical purposes, and it is still used for them. It can, however, be instructed through a payload to carry out malicious, clandestine activity, which turns it into a Rogue Device.
Raspberry Pi Security Challenges
PoisonTap is designed for the Raspberry Pi and exploits the trust that a machine and its network place in various mechanisms. It creates a cascading effect of information exfiltration, network access, and installation of semi-permanent backdoors.
P4wnP1 is a highly customizable USB attack platform for the Raspberry Pi Zero or Raspberry Pi Zero W that lets the device connect to a host computer as a HID or as a network interface.
NAC software provides network visibility and access management by enforcing policy on the devices and users of corporate networks. To bypass it, an attacker must obtain access to a device that has already been authenticated; in other words, a genuine device must be spoofed, which can be done with a Raspberry Pi.
The authenticated device logs into the network, and the Raspberry Pi then smuggles its own packets onto the network by overwriting its MAC address, making the packets appear to originate from the genuine, authenticated device. From here, the attacker has access to the organization’s network and can move laterally through it, which enables a variety of attacks such as a data breach, malware installation or an Advanced Persistent Threat (APT) attack.
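As an added illustration of the detection side of this scenario (example code, not from the article or from Sepio): a small Python script that reads constructed switch and DHCP log lines and flags a MAC address that either shows up on a different switch port within a short window or suddenly presents a different DHCP vendor class than the device it claims to be. The log format, field names and sample events are assumptions made for the example.

```python
"""Hypothetical Layer 2 spoofing detector (added example, not Sepio's code).

Two heuristics over per-MAC observations:
  port_move      the same MAC is learned on another switch/port shortly after
  profile_change the DHCP vendor class of a MAC changes (a printer that
                 suddenly speaks like a Linux host is suspicious)
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: <ts> <switch> <port> mac=<mac> dhcp_vendor="<class>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 sw1 Gi1/0/7 mac=00:11:22:33:44:55 dhcp_vendor="Xerox Printer"
2024-03-01T09:00:05 sw1 Gi1/0/8 mac=00:11:22:33:44:66 dhcp_vendor="MSFT 5.0"
2024-03-01T09:30:12 sw1 Gi1/0/7 mac=00:11:22:33:44:55 dhcp_vendor="Xerox Printer"
2024-03-01T09:31:40 sw1 Gi1/0/7 mac=00:11:22:33:44:55 dhcp_vendor="dhcpcd-9.4.1:Linux"
2024-03-01T09:32:02 sw2 Gi1/0/3 mac=00:11:22:33:44:55 dhcp_vendor="dhcpcd-9.4.1:Linux"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<switch>\S+) (?P<port>\S+) '
    r'mac=(?P<mac>[0-9A-Fa-f:]{17}) dhcp_vendor="(?P<vendor>[^"]*)"$'
)


@dataclass
class Event:
    ts: datetime
    switch: str
    port: str
    mac: str
    vendor: str


def parse(text: str) -> list:
    """Parse log lines into Events; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["switch"],
                            m["port"], m["mac"].lower(), m["vendor"]))
    return events


def detect(events: list, window: timedelta = timedelta(minutes=5)) -> list:
    """Return (mac, rule, detail) tuples for suspicious observations."""
    alerts = []
    last_loc = {}     # mac -> (timestamp, (switch, port)) of the last sighting
    last_vendor = {}  # mac -> DHCP vendor class of the last sighting
    for e in sorted(events, key=lambda ev: ev.ts):
        loc = (e.switch, e.port)
        if e.mac in last_loc:
            prev_ts, prev_loc = last_loc[e.mac]
            # A MAC that jumps ports within the window may be a second device using it.
            if prev_loc != loc and e.ts - prev_ts <= window:
                alerts.append((e.mac, "port_move",
                               f"{prev_loc[0]}/{prev_loc[1]} -> {loc[0]}/{loc[1]}"))
        last_loc[e.mac] = (e.ts, loc)
        # A changed vendor class means a different OS/stack is now behind this MAC.
        if e.mac in last_vendor and e.vendor != last_vendor[e.mac]:
            alerts.append((e.mac, "profile_change",
                           f"{last_vendor[e.mac]!r} -> {e.vendor!r}"))
        last_vendor[e.mac] = e.vendor
    return alerts


if __name__ == "__main__":
    for mac, rule, detail in detect(parse(SAMPLE_LOG)):
        print(f"ALERT {rule:15} {mac} {detail}")
```

Both rules are heuristics: a laptop that roams between docking stations also moves ports, so the output is an alert to correlate with 802.1X session data, not a block decision. Neither rule sees an implant that sits inline on the same port and relays the genuine device's traffic unchanged, which is the gap that Physical Layer visibility is meant to cover.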
Advanced Persistent Threat (APT) attack
An APT, which can be carried out with a Raspberry Pi, is one of the greatest threats to an organization due to the sophisticated, specific nature of the attack.
The clandestine nature of APTs means that the targets are frequently government agencies or critical infrastructure providers, since an attack on these sectors can pose a risk to national security. Nation-state or state-sponsored actors are usually behind APTs for this reason, and carrying out these attacks requires strong capabilities.
APTs allow the attacker to go deep into the target’s network and do so unnoticed for long periods of time using advanced hacking methods. An APT attack can acquire state secrets, confidential data, and government officials’ personal information for the purposes of sabotage or even terrorism.
Cyberwarfare is growing in prevalence because nations’ economies, infrastructure, trade, business, communication, transport and more rely increasingly on IT and IT-enabled services. An attack on any sector can cause serious damage, and not only to the direct target. Cyberwarfare is also cheaper and more immediate than traditional warfare, with less risk to human life (especially on the attacker’s side), and can allow smaller, weaker states to inflict substantial damage on a strong adversary that would otherwise not be possible. By harming a strong adversary, smaller states have the potential to become powers in asymmetric warfare.
As a result, APTs are an appealing attack method for those with sabotage as a motive.
Due to its computer-like capabilities, the Raspberry Pi can control a medical ventilator by setting the air pressure, opening and closing valves and regulating whether a patient needs full or partial breathing assistance. Since a ventilator has relatively low computing demands, the Raspberry Pi Zero is the ideal device to power it, especially since it is inexpensive and portable. Additionally, the company producing the Raspberry Pi builds to stock rather than to order, meaning that products are constantly on hand, which is essential during a pandemic. However, computer-controlled ventilators increase the number of entry points for an attacker targeting the healthcare industry, which is already the most frequently targeted industry.
Healthcare facilities hold data known as Personal Health Information (PHI), which sells for 100 times more than Personally Identifiable Information (PII) on the black market. Furthermore, the healthcare industry is widely recognized for prioritizing efficient services to patients over cybersecurity. Due to the industry’s often-critical nature, security features are perceived as a hindrance rather than an aid.
Raspberry Pi Security and Physical Layer
Raspberry Pi devices pose significant security risks because they are easy to conceal. Due to their small size, they can be discreetly embedded within peripherals or placed on networks, evading human detection. Moreover, when used as USB attack tools, security software recognizes them as legitimate HID devices, so they raise no suspicion. When acting as network implants, they operate on the Physical Layer (Layer 1 Visibility), outside the coverage of security software, which renders them undetectable and raises no security alerts.
Enhancing Hardware Asset Visibility and Security
Enterprises’ IT and security teams often struggle to provide complete and accurate visibility into their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This lack of visibility leads to weakened policy enforcement of hardware access, which may result in security incidents such as ransomware attacks, data leakage and so on.
To address this challenge, you need complete visibility into your hardware assets, regardless of their characteristics and the interface used for connection, because attackers can exploit any of them. Moreover, attackers are practical: they adapt to the cybersecurity defenses put in place to block them and take advantage of the “blind” spots, mainly through USB Human Interface Device (HID) emulating devices or Physical Layer network implants (Raspberry Pi Risks – A Friend or Foe?).
Sepio’s Rogue Device Mitigation Solution
In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.
Sepio is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces. Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.
Sepio is the only company in the world to undertake Physical Layer fingerprinting. Sepio calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the software analyses device behavior to identify abnormalities, such as a mouse acting as a keyboard.
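To make the descriptor-fingerprinting idea concrete, here is an added Python example (not Sepio’s product code, and not a description of its internals) that builds a digest from the fields of a USB device descriptor, checks it against a small deny-list of known-bad fingerprints, and flags descriptor-level role mismatches such as a “mouse” that exposes a keyboard interface or a HID device that also brings along a network interface. The class and protocol codes are the standard USB-IF values; the sample devices, their vendor/product IDs and the deny-list are constructed for the example.

```python
"""USB descriptor fingerprinting and role-mismatch checks (added example, not Sepio's code)."""
import hashlib
from dataclasses import dataclass

# Standard USB-IF class / subclass / protocol codes used below.
USB_CLASS_CDC = 0x02           # Communications (used by USB Ethernet control interfaces)
USB_CLASS_HID = 0x03
USB_CLASS_MASS_STORAGE = 0x08
USB_CLASS_CDC_DATA = 0x0A
HID_BOOT_SUBCLASS = 0x01
HID_PROTO_KEYBOARD = 0x01
HID_PROTO_MOUSE = 0x02


@dataclass(frozen=True)
class Interface:
    cls: int
    subcls: int
    proto: int


@dataclass(frozen=True)
class Device:
    vid: int
    pid: int
    product: str
    interfaces: tuple  # Interface objects in descriptor order


def fingerprint(dev: Device) -> str:
    """SHA-256 over the descriptor fields that say what the device claims to be.

    Stable across hosts and ports; any change to the interface set changes it."""
    canon = "|".join([
        f"{dev.vid:04x}:{dev.pid:04x}",
        dev.product,
        ",".join(f"{i.cls:02x}/{i.subcls:02x}/{i.proto:02x}" for i in dev.interfaces),
    ])
    return hashlib.sha256(canon.encode()).hexdigest()


def findings(dev: Device) -> list:
    """Descriptor-level anomalies as rule names (empty list means nothing odd)."""
    ifaces = dev.interfaces
    has_kbd = any(i.cls == USB_CLASS_HID and i.proto == HID_PROTO_KEYBOARD for i in ifaces)
    has_mouse = any(i.cls == USB_CLASS_HID and i.proto == HID_PROTO_MOUSE for i in ifaces)
    has_net = any(i.cls in (USB_CLASS_CDC, USB_CLASS_CDC_DATA) for i in ifaces)
    has_storage = any(i.cls == USB_CLASS_MASS_STORAGE for i in ifaces)
    out = []
    if "mouse" in dev.product.lower() and has_kbd:
        out.append("role_mismatch")        # a "mouse" that can type keystrokes
    if (has_kbd or has_mouse) and has_net:
        out.append("hid_plus_network")     # input device that is also a NIC
    if (has_kbd or has_mouse) and has_storage:
        out.append("hid_plus_storage")     # input device that is also a disk
    return out


def evaluate(dev: Device, denylist: set) -> dict:
    """Decide block / alert / allow for one enumerated device."""
    fp = fingerprint(dev)
    if fp in denylist:
        return {"fingerprint": fp, "findings": ["known_malicious"], "action": "block"}
    f = findings(dev)
    return {"fingerprint": fp, "findings": f, "action": "alert" if f else "allow"}


# Constructed sample devices; the VID/PID values are made up, not real assignments.
LEGIT_MOUSE = Device(0x1234, 0x0001, "Office Mouse",
                     (Interface(USB_CLASS_HID, HID_BOOT_SUBCLASS, HID_PROTO_MOUSE),))
FAKE_MOUSE = Device(0x1234, 0x0002, "Office Mouse", (
    Interface(USB_CLASS_HID, HID_BOOT_SUBCLASS, HID_PROTO_KEYBOARD),
    Interface(USB_CLASS_CDC, 0x02, 0x00),       # CDC control interface
    Interface(USB_CLASS_CDC_DATA, 0x00, 0x00),  # CDC data interface
))
KNOWN_BAD = Device(0xABCD, 0x0BAD, "Storage",
                   (Interface(USB_CLASS_MASS_STORAGE, 0x06, 0x50),))  # SCSI, bulk-only
DENYLIST = {fingerprint(KNOWN_BAD)}  # constructed deny-list for the example

if __name__ == "__main__":
    for d in (LEGIT_MOUSE, FAKE_MOUSE, KNOWN_BAD):
        print(d.product, evaluate(d, DENYLIST))
```

Descriptor checks only catch what a device admits to in its enumeration; a device that enumerates as a plain mouse and later starts sending keyboard reports is invisible here, which is why the behavioral analysis the article mentions is a separate layer on top of fingerprinting.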