Pi Spy was an entry my hackathon team made with the goal of demonstrating a novel attack vector against unencrypted network traffic.
The project revolved around a malicious NIC installation: a Raspberry Pi running tcpdump, wired to a passive network tap that intercepted all traffic from the desktop's Ethernet port.
By powering the Raspberry Pi off the Molex adapters from the PC's PSU, we ensured that the Pi ran continuously whenever the PC was turned on. This allowed us to man-in-the-middle all traffic to the device and exfiltrate the captured data over an out-of-band Wi-Fi or GSM connection.
The whole hardware rig takes less than five minutes to plug in with practice and provides near-invisible network tapping capability. Because the interception happens outside the desktop's operating system, a system administrator would not be able to detect the hardware change short of physically opening the tower and searching for bugs.
This serves as an effective demonstration of the risk of allowing untrusted parties physical access to devices, even when those devices have robust software and password protections. It also presents a potential approach for obtaining wiretaps in law enforcement or intelligence collection contexts when the target is a technically sophisticated user, such as a network administrator, who would notice additions to the phone closet or configuration changes on network switches. Thanks to the Raspberry Pi's affordability, the device is also extremely cost competitive compared to less robustly featured commercial network taps.