[Noisebridge-discuss] Security implications of plug computers

Andrew Cantino cantino at gmail.com
Mon Feb 28 21:45:05 UTC 2011


Good reply, thanks Dr. Jesus.  There's also
http://pwnieexpress.com/pwnplug3g.html

On Mon, Feb 28, 2011 at 11:46 AM, Dr. Jesus <j at hug.gs> wrote:
> On Mon, Feb 28, 2011 at 9:41 AM, Andrew Cantino <cantino at gmail.com> wrote:
>> I just wrote an article about how plug computers are a big potential
>> security problem.  What do you think?  Have any of you played with a
>> SheevaPlug yet?
>>
>> http://blog.andrewcantino.com/post/3565673304/why-plug-computers-are-a-security-nightmare
>
> At least you can get datasheets and source code for the firmware.  Can
> you say the same for your phone's radio processor or SIM?
>
> A few points: the wireless parts being used in the plug computers are
> all hard MAC, so they don't do sniffing or injection out of the box.
> You can also load the OLPC thinfirm package on them to get raw
> injection/capture but it's just not stable.  You're right that it's
> possible to add some USB wireless interfaces, but then it becomes much
> less inconspicuous.
>
> Sure, they're cheap platforms with lots of fast I/O options, but
> attackers continue to have access to options which involve $0 of
> hardware.  I'm a lot more worried about those problems than I'm
> worried about someone being able to physically install hardware in a
> controlled area.
>



More information about the Noisebridge-discuss mailing list