Raspberry Pi Security
SRC Sepio Raspberry Pi Security
In this article, we address the security risks associated with the Raspberry Pi, whether the intentions of its use are moral or not since this device has the ability to carry out dangerous cyber attacks.
The Raspberry Pi is a small (credit card-like size), inexpensive, portable computer that connects to real-world objects. It contains all the basics of any computer including a processor, memory, and graphics processor. As such, it is capable of doing everything one would expect a regular computer to do. For instance, browse the internet, play high-definition videos, create spreadsheets, word processing, and more. With its computer-functioning capabilities, the Raspberry Pi was intended to be used for ethical purposes, which it is still used for. It can, however – through a payload – be instructed to carry out malicious, clandestine activity, thus making it a Rogue Device.
Raspberry Pi Security Challenges
PoisonTap is built for Raspberry Pi and produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network to produce a snowball effect of information exfiltration, network access, and installation of semi-permanent backdoors.
P4wnP1 is a highly customizable USB attack platform for the Raspberry Pi Zero or Raspberry Pi Zero W that allows one to connect the device to a host computer – as a HID or network interface.
NAC software supports network visibility and access management through policy enforcement on devices and users of corporate networks. To bypass, an attacker must access a device that has already been authenticated. In other words, a genuine device must be spoofed, which can be done with a Raspberry Pi.
The authenticated device is used to log into the network which then smuggles network packets from the Raspberry Pi by overwriting the MAC address, making it seem as if the packets are originating from the genuine, authenticated device. From here, the attacker has access to the organization’s network and can, consequently, move laterally through it. This can allow for a variety of potential attacks such as a data breach, malware installation, or Advanced Persistent Threat (APT) attack.
Advanced Persistent Threat (APT) Attack
An APT, which can be carried out with a Raspberry Pi, is one of the greatest threats to an organization due to the sophisticated, specific nature of the attack.
The clandestine essence of APT thus means that the targets are frequently government agencies or critical infrastructure providers since an attack on these sectors can often cause a risk to national security. With this type of motivation, APTs are usually affiliated with nation-state or state-sponsored actors, in addition to the fact that these attacks need strong capabilities to be carried out.
APTs allow the attacker to go deep into the target’s network and do so unnoticed for long periods of time using advanced hacking methods. State secrets, confidential data, and government officials’ personal information can be acquired through an APT attack for the purposes of sabotage or even terrorism.
Cyberwarfare is growing in prevalence due to nations’ economies, infrastructure, trade, business, communication, and transport and increasingly relying on IT and IT-enabled services. An attack on any sector can cause serious damage, not only to the direct target. Cyberwarfare is also cheaper and more immediate than traditional warfare, with less risk to human life – especially on the attacker’s side – and can allow smaller, weaker states to impose substantial damage on a strong adversary that would otherwise not be possible. By harming a strong adversary, smaller states have the potential to become powers in asymmetric warfare.
As a result, APTs are an appealing attack method for those with sabotage as a motive.
Due to its computer-like capabilities, the Raspberry Pi device can control a medical ventilator by setting the air pressure, opening and closing valves, and regulating whether a patient needs full or partial breathing assistance. Since a ventilator has relatively low demands, the Raspberry Pi Zero is the ideal device to power it, especially since it is inexpensive and portable. Additionally, the company producing Raspberry Pi builds to stock, rather than to order, meaning that the products are constantly on hand, which is essential during a pandemic. However, having computer-controlled ventilators means that there are more entry points for an attacker to target the healthcare industry, which is already the most frequently targeted industry.
The data held by healthcare facilities is known as Personal Health Information (PHI) and sells for 100x more than Personally Identifiable Information (PII) on the black market. Moreover, the healthcare industry is widely known to forgo cybersecurity in order to provide more efficient services to patients. Due to the often-critical nature of the industry, security features are viewed as a hindrance, rather than an aid.
Raspberry Pi Security And Physical Layer
Raspberry Pi devices pose significant security risks due to their covert nature. Their small size allows them to be discreetly embedded within peripherals or placed on networks, escaping human detection. Moreover, when used as USB attack tools, security software recognizes them as legitimate HID devices, evading suspicion. When acting as network implants, they operate on the Physical Layer (L1), outside the coverage of security software, rendering them undetectable and raising no security concerns.
Many times, enterprises’ IT and security teams struggle in providing complete and accurate visibility into their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This is due to the fact that often, there is a lack of visibility, which leads to a weakened policy enforcement of hardware access. This may result in security accidents, such as ransomware attacks, data leakage, etc.
In order to address this challenge, ultimate visibility into your Hardware assets is required, regardless of their characteristics and the interface used for connection as attackers. Moreover, it is important to be practical and adjust to the dynamic Cybersecurity defenses put in place to block them, as well as take advantage of the “blind” spots – mainly through USB Human Interface Device (HID) emulating devices or Physical layer network implants.
In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.
Sepio is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces. Sepio’s solution identifies, detects, and handles all peripherals; no device goes unmanaged.
The only company in the world to undertake Physical Layer fingerprinting, Sepio calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the software analyses device behavior to identify abnormalities, such as a mouse acting as a keyboard.