[Noisebridge-discuss] Security implications of plug computers

Dr. Jesus j at hug.gs
Mon Feb 28 19:46:27 UTC 2011

On Mon, Feb 28, 2011 at 9:41 AM, Andrew Cantino <cantino at gmail.com> wrote:
> I just wrote an article about how plug computers are a big potential
> security problem.  What do you think?  Have any of you played with a
> SheevaPlug yet?
> http://blog.andrewcantino.com/post/3565673304/why-plug-computers-are-a-security-nightmare

At least you can get datasheets and source code for the firmware.  Can
you say the same for your phone's radio processor or SIM?

A few points: the wireless parts being used in the plug computers are
all hard MAC, so they don't do sniffing or injection out of the box.
You can also load the OLPC thinfirm package on them to get raw
injection/capture but it's just not stable.  You're right that it's
possible to add some USB wireless interfaces, but then it becomes much
less inconspicuous.

Sure, they're cheap platforms with lots of fast I/O options, but
attackers continue to have access to options which involve $0 of
hardware.  I'm a lot more worried about those problems than I'm
worried about someone being able to physically install hardware in a
controlled area.

More information about the Noisebridge-discuss mailing list