Most people are familiar with anti-virus software, but what about a threat lurking right under the desk? Well, a group of ECPI University students in Charleston, South Carolina have demonstrated just how simple it is to create an information-stealing covert device that seems like something from a spy novel.
The students embedded a popular miniature computer called a Raspberry Pi into a typical multi-plug power strip to create a device that, once implanted into an office setting, collects data covertly for recovery by the creators. The project required collaboration between Electronics Engineering Technology students, who completed much of the necessary hardware assembly, and Computer Information Science students, who programmed the device to carry out its task.
“Covert devices are very real and prevalent in our technological world,” said Project Manager Wesley Boothe. “These devices can be built with common materials from the internet and deployed in an inconspicuous manner with the purpose of gaining access to internal organizational data.” Appropriately enough, they named the device “The Odysseus,” a nod to the famous myth of the Trojan horse.
During a campus presentation, team members stressed the importance of physically inspecting workspace equipment as part of network security. Audience members were astonished by the ease in which the device was implanted, its inconspicuous nature, and the speed with which it began to collect data. “I would never think to look for something like that in my office, and if I did, I wouldn’t think it was unusual,” said Director of Admissions Jenny Beavers.
English faculty member Jennifer Gager added, “It was a wake-up call to me and just shows how important all facets of network security are in today’s world.” The team also plans to publish their study to encourage network security professionals everywhere to include and maintain physical inspection policies in their workplaces.