[Noisebridge-discuss] Security implications of plug computers

Dr. Jesus j at hug.gs
Mon Feb 28 22:05:52 UTC 2011

Cute.  I'll bet you could add a LTE dongle and then the plug would
have a faster pipe than the site itself :)

On Mon, Feb 28, 2011 at 1:45 PM, Andrew Cantino <cantino at gmail.com> wrote:
> Good reply, thanks Dr. Jesus.  There's also
> http://pwnieexpress.com/pwnplug3g.html
> On Mon, Feb 28, 2011 at 11:46 AM, Dr. Jesus <j at hug.gs> wrote:
>> On Mon, Feb 28, 2011 at 9:41 AM, Andrew Cantino <cantino at gmail.com> wrote:
>>> I just wrote an article about how plug computers are a big potential
>>> security problem.  What do you think?  Have any of you played with a
>>> SheevaPlug yet?
>>> http://blog.andrewcantino.com/post/3565673304/why-plug-computers-are-a-security-nightmare
>> At least you can get datasheets and source code for the firmware.  Can
>> you say the same for your phone's radio processor or SIM?
>> A few points: the wireless parts being used in the plug computers are
>> all hard MAC, so they don't do sniffing or injection out of the box.
>> You can also load the OLPC thinfirm package on them to get raw
>> injection/capture but it's just not stable.  You're right that it's
>> possible to add some USB wireless interfaces, but then it becomes much
>> less inconspicuous.
>> Sure, they're cheap platforms with lots of fast I/O options, but
>> attackers continue to have access to options which involve $0 of
>> hardware.  I'm a lot more worried about those problems than I'm
>> worried about someone being able to physically install hardware in a
>> controlled area.

More information about the Noisebridge-discuss mailing list