A security company used a Raspberry Pi to hack a network

Kaspersky has made another disturbing finding, as security firms often do, and in this case it’s the fact that a corporate network can be cracked wide open using a basic hacking tool. Namely a piece of hardware that costs just $20 (£15) and can be configured in just a few hours by someone with only a basic knowledge of programming.

The experiment Kaspersky conducted involved using a Raspberry Pi which was configured as an Ethernet adapter, had the OS tweaked slightly, with publicly available tools for packet sniffing and data collection then being installed.

Security researchers from the company set up a server to collect the data which this device would intercept, and the Raspberry Pi-powered device was then connected to a target (victim) PC.

The device subsequently fed data back to the server, and Kaspersky says it was able to collect passwords from the corporate network at a rate of 50 per hour – these were hashed passwords, mind, but as the security company notes: “The hashes could be deciphered into passwords, since the algorithms are known or used in pass-the-hash attacks.”

Obviously, this is a pretty worrying observation, particularly as no malicious software was needed at all – just easily available programs downloaded from the internet.

The caveat is that this isn’t something which can be pulled off remotely, as obviously the attacker must have physical access to a PC on the company network, in order to plug the device into a port.

Cleaned out

However, this is far from unheard-of in the corporate world. Indeed, Kaspersky’s investigation was inspired by the real-world story of a cleaner at an organisation who used a USB stick to infect the company network with malware.

Kaspersky explains that the attack works because the operating system of the victim PC identifies the Raspberry Pi device as a wired LAN adapter, and gives it access to data exchange within the network. The attack works against both Windows and Mac computers (whether locked or unlocked), but researchers couldn’t pull it off with a Linux computer.

The main defence against attacks like these revolves around educating staff members. For example, when returning to their computers, employees should be aware to check for extra USB devices plugged into their machines. And of course USB sticks from unknown or untrusted sources should never be used with company PCs (or any machine, for that matter).

Beyond that, extra precautions can include changing passwords regularly, and enabling two-factor authentication, so knowledge of a password isn’t enough to log on (because this requires a second factor, like a texted code, when logging in from a new device or location).

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Latest in News
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games