Even additional embarrassing than a student discovering your GPS tracking device on his automobile, because the FBI recognized last year, has to raise him to present the expensive piece of kit back.
So security researcher Brendan O’Connor is attempting a distinct approach to spy hardware: building a sensor-equipped surveillance-capable laptop that’s thus low cost it will be sacrificed once one use, with off-the-shelf components that anyone should buy and assemble for fewer than fifty greenbacks.
At the Shmoocon security conference Friday in Washington D.C., O’Connor plans to gift the F-BOMB, or Falling or Ballistically-launched Object that creates Backdoors. designed from simply the hardware during a commercially-available PogoPlug mini-computer, many little antennae, eight gigabytes of flash memory and a few 3D-printed plastic casing, the F-BOMB is three.5 by four by one in. spy laptop. And O’Connor has designed a budget gadgets to dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise place into irretrievable positions to quietly collect knowledge and send it back to the owner over any on the market Wifi network. With PogoPlugs currently on sale at Amazon for $25, O’Connor designed his prototypes with gear that added up to simply $46 every.
“If some target is surrounded by unhealthy men with guns, you don’t wish to own to retrieve this, however you furthermore may don’t wish to own to pay four or 5 hundred greenbacks for each use,” says O’Connor. “The plan is that it’s as near free as potential. thus you'll be able to throw a bunch of those sensors at a target and obtain away with losing some nodes within the method.”
Homemade because it could look, the F-BOMB is quite a hacker hobby. O’Connor says his one-man security consultancy Malice Afterthought received a Defense Advanced analysis comes Agency contract earlier this month to develop the devices as a part of the Cyber quick Track program, that awards tiny sums to inventors. Despite its name, O’Connor says the F-BOMB is designed to be a platform for all sorts of applications on its Linux operating system. Outfit it with temperature or humidity sensors, for instance, and it can be used for meteorological research or other innocent data-collecting. But install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target’s location, O’Connor adds. As is often the case with these kinds of hacker projects, he says the devices are only intended for penetration testing–finding security flaws in clients’ networks in order to fix them–and wouldn’t comment on what DARPA might do with the technology.
That hasn’t stopped the 26-year old researcher from coming up with a few clever ways to deliver or hide the tiny spy computers. One version attaches to the Parrot Drone, an iPhone-controllable quadcopter, sucking power off the drone’s rechargeable battery and allowing the user to hover over a target, land it on a roof, or drop the F-BOMB from a hook attachment on the drone.
Another version fits inside a carbon monoxide detector, and can be plugged into a wall socket to hide in plain sight inside a target’s building. (As shown above) In use-cases where it’s not plugged in, the most basic version of the F-BOMB comes with a module of AA batteries that allow for a few hours of use, though O’Connor says he’s working on versions with more longevity.
“It can fit whatever use case you want,” he says. “Put it in a box of stale Triscuits in the office kitchen, and no one will touch it. Or hide it in a carbon monoxide detector and you can leave it there for months.”
O’Connor, who formerly worked for the DARPA-funded contractor SET and as a graduate student in John Hopkins’ sensor research lab, says he was inspired by a pair of talks at last summer’s hacker conference Defcon. One focused on systems for firing camera projectiles, while the other showed off the WASP, or Wireless Aerial Surveillance Platform, an adapted Air Force flying drone equipped with gear for cracking Wifi networks and snooping on cell phones.