– DARPA-Funded Hacker’s Tiny $50 Spy Computer Hides In Offices, Drops From Drones (Forbes, Jan. 27, 2012):
Even more embarrassing than a student discovering your GPS tracking device on his car, as the FBI found out last year, is having to ask him to give the expensive piece of equipment back.
So security researcher Brendan O’Connor is trying a different approach to spy hardware: building a sensor-equipped surveillance-capable computer that’s so cheap it can be sacrificed after one use, with off-the-shelf parts that anyone can buy and assemble for less than fifty dollars.
At the Shmoocon security conference Friday in Washington D.C., O’Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5 by 4 by 1 inch spy computer. And O’Connor has designed the cheap gadgets to dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wifi network. With PogoPlugs currently on sale at Amazon for $25, O’Connor built his prototypes with gear that added up to just $46 each.
“If some target is surrounded by bad men with guns, you don’t want to have to retrieve this, but you also don’t want to have to pay four or five hundred dollars for every use,” says O’Connor. “The idea is that it’s as close to free as possible. So you can throw a bunch of these sensors at a target and get away with losing a couple nodes in the process.”
Homemade as it may look, the F-BOMB is more than a hacker hobby. O’Connor says his one-man security consultancy Malice Afterthought received a Defense Advanced Research Projects Agency contract earlier this month to develop the devices as part of the Cyber Fast Track program, which awards small sums to inventors.
Despite its name, O’Connor says the F-BOMB is designed to be a platform for all sorts of applications on its Linux operating system. Outfit it with temperature or humidity sensors, for instance, and it can be used for meteorological research or other innocent data-collecting. But install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target’s location, O’Connor adds. As is often the case with these kinds of hacker projects, he says the devices are only intended for penetration testing–finding security flaws in clients’ networks in order to fix them–and wouldn’t comment on what DARPA might do with the technology.
Read moreDARPA-Funded Hacker’s Tiny $50 Spy Computer Hides In Offices, DROPS FROM DRONES