[Noisebridge-discuss] Security implications of plug computers
Dr. Jesus
j at hug.gs
Mon Feb 28 22:05:52 UTC 2011
Cute. I'll bet you could add a LTE dongle and then the plug would
have a faster pipe than the site itself :)
On Mon, Feb 28, 2011 at 1:45 PM, Andrew Cantino <cantino at gmail.com> wrote:
> Good reply, thanks Dr. Jesus. There's also
> http://pwnieexpress.com/pwnplug3g.html
>
> On Mon, Feb 28, 2011 at 11:46 AM, Dr. Jesus <j at hug.gs> wrote:
>> On Mon, Feb 28, 2011 at 9:41 AM, Andrew Cantino <cantino at gmail.com> wrote:
>>> I just wrote an article about how plug computers are a big potential
>>> security problem. What do you think? Have any of you played with a
>>> SheevaPlug yet?
>>>
>>> http://blog.andrewcantino.com/post/3565673304/why-plug-computers-are-a-security-nightmare
>>
>> At least you can get datasheets and source code for the firmware. Can
>> you say the same for your phone's radio processor or SIM?
>>
>> A few points: the wireless parts being used in the plug computers are
>> all hard MAC, so they don't do sniffing or injection out of the box.
>> You can also load the OLPC thinfirm package on them to get raw
>> injection/capture but it's just not stable. You're right that it's
>> possible to add some USB wireless interfaces, but then it becomes much
>> less inconspicuous.
>>
>> Sure, they're cheap platforms with lots of fast I/O options, but
>> attackers continue to have access to options which involve $0 of
>> hardware. I'm a lot more worried about those problems than I'm
>> worried about someone being able to physically install hardware in a
>> controlled area.
>>
>
More information about the Noisebridge-discuss
mailing list