[TriEmbed] Kali Yin/Yang with Arduino

Thu Jun 4 17:19:13 CDT 2015

The Arduino is a 8-bit mpu not capable of booting and running Linux.

On Thu, Jun 4, 2015 at 2:51 PM, John Vaughters via TriEmbed <
triembed at triembed.org> wrote:

>
> With a continued escalation on security, I decided to check out the most
> recent Kali Linux (Security Distribution). While scanning around the menus,
> I noticed that Arduino IDE was loaded. How curious was that? Further
> digging took me to a concept that I found intriguing enough to write this
> email. While this little Open Source Hardware project has been capturing
> our minds, it apparently has been noticed by the security industry as well.
>
> I have not looked into all the possibilities of Arduino use, but the one
> that I noticed right away is affected by the Physical Security aspect. As
> you may or may not know, newer Arduino's and the Teensy as well as other
> devices can be configured to be recognized as a keyboard by a computer.
> Well, this is quite powerful if you can basically place a keyboard device
> in a computer and let it hack away. Now add an sd card and you have some
> serious scripting capability.
>
> So the attack works like this. A person walks into your building (Think
> cleaning crew), and finds a computer that seems to be not used much or
> worse a server. The person plugs in an arduino configured as a keyboard and
> walks away. You now have a robotic keyboard filled with scripts to attempt
> mal intents. One thing that came to my mind was to include a USB stick as
> well with a bootable distribution of a linux OS that could basically grant
> a person access to an outside computer that would allow entry into your
> network. The Arduino keyboard could reboot a computer and attempt to boot
> the USB stick. Arduino keboard could even log into bios. Actually the
> possibilities seem almost endless to me, but the work to create the scripts
> would not exactly be easy. Would require quite a bit of testing I would
> imagine.
>
> Anyhow, don't underestimate the power of physical access to your
> computers. Many people are turning off their USB ports for file
> capabilties, but I have not looked into this stopping a keyboard from
> getting access to bios.
>
> I just thought that some of you might be interested in the double edged
> Yin/Yang technology that we have become so enamored with in the past 5 or
> so years.
>
> John Vaughters
>
>
> _______________________________________________
> Triangle, NC Embedded Computing mailing list
> TriEmbed at triembed.org
> http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
> TriEmbed web site: http://TriEmbed.org
>
>

-- 
Scott G. Hall
Raleigh, NC, USA
scottghall1 at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20150604/daa837cb/attachment.htm>