At the Shmoocon security conference Friday in Washington, D.C., O’Connor presented the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the hardware in a commercially-available PogoPlug mini-computer, a few tiny antennas, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5 by 4 by 1 inch spy computer. And O’Connor has designed the cheap gadgets to be dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wifi network. With PogoPlugs currently on sale at Amazon for $25, O’Connor built his prototypes with gear that added up to just $46 each
It is a platform for all sorts of applications on its Linux operating system. Outfit it with temperature or humidity sensors, for instance, and it can be used for meteorological research or other innocent data-collecting. But install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target’s location, O’Connor adds. As is often the case with these kinds of hacker projects, he says the devices are only intended for penetration testing–finding security flaws in clients’ networks in order to fix them —and wouldn’t comment on what DARPA might do with the technology.
One version attaches to the Parrot Drone, an iPhone-controllable quadcopter, sucking power off the drone’s rechargeable battery and allowing the user to hover over a target, land it on a roof, or drop the F-BOMB from a hook attachment on the drone.
Another version fits inside a carbon monoxide detector, and can be plugged into a wall socket to hide in plain sight inside a target’s building. In use-cases where it’s not plugged in, the most basic version of the F-BOMB comes with a module of AA batteries that allow for a few hours of use, though O’Connor says he’s working on versions with more longevity.
"It can fit whatever use case you want," he says. "Put it in a box of stale Triscuits in the office kitchen, and no one will touch it. Or hide it in a carbon monoxide detector and you can leave it there for months."
"If you lose it, it’s not a big deal," says O’Connor. "And if they take it apart, they don’t learn anything about you."
If you liked this article, please give it a quick review on ycombinator or StumbleUpon. Thanks