Documenting the Process of Hijacking a Raspberry Pi User Login Credentials via Remote Code Execution
Document Type
Article
Publication Date
9-2021
Publication Title
Journal of Information Systems Applied Research
Abstract
Cyber-security is a rapidly growing concern for all organizations. Ransomware and Botnets are becoming pervasive across the internet. Management needs to understand how systems are compromised by attackers who implant payloads as ransomware and botnets. One such concern is physical access to machines by bad actors in the organization or mobile workstations working at offsite locations. Gaining physical access a bad actor can implant malware in the form of ransomware or a botnet which becomes an initial point of entry for assuming control over an organizations network. In this example, we illustrate the dangers of physical access and use a USB device to implant a payload via remote code execution. The remote code installs an application developed to mimic a Windows 10 login screen and populates the login screen with the username of the currently logged in user. Once the user logs in to this fake screen, the application logs the user’s credentials, namely the username and plain text password, via an HTTP post to a remote command and control server. Following our demonstration, we discuss implications and countermeasures to aid management in improving security of the organization.
Recommended Citation
Patel, Nishitkumar, Hayden Wimmer, Loreen Powell.
2021.
"Documenting the Process of Hijacking a Raspberry Pi User Login Credentials via Remote Code Execution."
Journal of Information Systems Applied Research, 14 (3): 44-50: Information Systems and Computing Academic Professionals.
https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/157
Comments
Georgia Southern University faculty member, Hayden Wimmer co-authored Documenting the Process of Hijacking a Raspberry Pi User Login Credentials via Remote Code Execution.