Spy-Pi: Do you trust your laptop docking stations?

Laptop docking stations are widely used in organisations, often in hot-desking environments. They provide a neat connectivity solution for workers who are semi-mobile and therefore use laptops rather than desktop PCs. However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop, often some that aren’t and they are permanently connected to a power supply. But most importantly, they are considered to be trusted, “dumb” devices – the perception is that they just connect all the ports on your laptop to the ports in the dock. The IT department is typically more concerned about someone stealing your laptop, so they’ll ask you to physically secure your laptop, but not necessarily to secure the dock. I recently investigated how attackers can exploit the privileged position that laptop docking stations have within an environment and how to construct a remotely controllable, covert hardware implant, based on the Raspberry Pi miniature computer.  More importantly I went on to investigate some of the techniques that can be employed to detect such devices and mitigate the risks that they pose.

Would you be able to tell if there were hardware implants installed in your laptop docks?

Dell PR02X with the cover removed

With Spy-Pi implant inserted (Perspex cover for visibility)

To find out more about the capabilities of Spy-Pi and how it could potentially be detected or the risks it poses mitigated, check out my Black Hat Europe talk:

“To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms” (http://www.blackhat.com/eu-13/briefings.html#Davis)

Published date:  05 February 2013

Written by:  Andy Davis