heise Security - 15 March 2013
In his presentation at the Black Hat Europe security conference, Andy Davis from the UK-based NCC Group explained how he turned a Dell docking station (Latitude E series) into a data spy that is difficult to detect. Apparently, the top part of the dock housing provides enough empty space to add various extra hardware components.
The core component is a Raspberry-Pi-based controller that weighs only 45 grams. The controller is hooked up to the docking station's various interfaces – Ethernet, VGA, USB, audio – and combined with a 3G/4G stick and flash memory. This "Spy-Pi" controller uses mobile networks to transmit the harvested data, and it can also receive remote instructions this way.
Davis says that all important interfaces are accessible from the inside, and that a few solder points are all that is required to tap into the ports. Two potential approaches are conceivable in terms of the network interface: either passive sniffing via an Ethernet switch or an active connection that involves inserting a tiny Ethernet hub into the docking station.
The hacker said that the second approach offers the advantage that it also allows attackers to inject data into a network and infiltrate the intranet. Davis noted that the disadvantage of using a hub is that it adds an extra MAC address that may raise suspicion when the switches are monitored. The researcher went on to explain that the Ethernet switch has the disadvantage that encrypted data traffic can be recorded, but not decrypted. Also, the switch isn't capable of transferring data at rates in excess of 100 Mbit/s, which could potentially be detected when a network is monitored.
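The two monitoring signals mentioned above (an unexpected MAC address on a port, a link running below its expected speed) can be checked against a per-port baseline. The following is an added example, not code from Davis's talk or from the article; the port names, MAC addresses and the snapshot format are constructed, and the baseline is assumed to come from your own inventory.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "port reason detail")

# Constructed baseline: port -> (MACs expected on that port, expected link speed in Mbit/s).
BASELINE = {
    "Gi1/0/1": ({"00:11:22:33:44:01"}, 1000),
    "Gi1/0/2": ({"00:11:22:33:44:02"}, 1000),
    "Gi1/0/3": ({"00:11:22:33:44:03"}, 1000),
}

# Constructed snapshot in a made-up "port speed mac[,mac...]" format
# (an assumption for this example, not the output of any real switch CLI).
SNAPSHOT = """\
Gi1/0/1 1000 00:11:22:33:44:01
Gi1/0/2 1000 00:11:22:33:44:02,02:aa:bb:cc:dd:ee
Gi1/0/3 100 00:11:22:33:44:03
Gi1/0/4 1000 00:11:22:33:44:04
"""

def parse_snapshot(text):
    """Yield (port, speed_mbps, set_of_macs) for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # A port with link up but no learned MACs has no third column.
        macs = set(parts[2].lower().split(",")) if len(parts) > 2 else set()
        yield parts[0], int(parts[1]), macs

def audit(text, baseline):
    """Compare a snapshot with the baseline and return a list of Finding tuples."""
    findings = []
    for port, speed, macs in parse_snapshot(text):
        if port not in baseline:
            findings.append(Finding(port, "no-baseline", ",".join(sorted(macs))))
            continue
        known, expected_speed = baseline[port]
        extra = macs - known  # MACs seen on the port that the inventory does not list
        if extra:
            findings.append(Finding(port, "unexpected-mac", ",".join(sorted(extra))))
        if speed < expected_speed:  # e.g. a gigabit port that negotiated 100 Mbit/s
            findings.append(Finding(port, "speed-downgrade", f"{speed}<{expected_speed}"))
    return findings

if __name__ == "__main__":
    for f in audit(SNAPSHOT, BASELINE):
        print(f.port, f.reason, f.detail)
```

Neither signal is proof of tampering on its own: a replaced laptop or a bad cable produces the same findings, so each one is a prompt for physical inspection of the port's attached hardware.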
http://www.h-online.com/security/news/item/Devious-dock-is-Raspberry-Pi-powered-data-drainer-1824051.html