Documenting the Process of Hijacking a Raspberry Pi User Login Credentials via Remote Code Execution

Document Type

Article

Publication Date

9-2021

Publication Title

Journal of Information Systems Applied Research

Abstract

Cyber-security is a rapidly growing concern for all organizations. Ransomware and botnets are becoming pervasive across the internet. Management needs to understand how systems are compromised by attackers who implant payloads such as ransomware and botnets. One such concern is physical access to machines by bad actors in the organization or on mobile workstations used at offsite locations. Having gained physical access, a bad actor can implant malware in the form of ransomware or a botnet, which becomes an initial point of entry for assuming control over an organization's network. In this example, we illustrate the dangers of physical access and use a USB device to implant a payload via remote code execution. The remote code installs an application developed to mimic a Windows 10 login screen and populates the login screen with the username of the currently logged-in user. Once the user logs in to this fake screen, the application logs the user's credentials, namely the username and plain-text password, via an HTTP POST to a remote command-and-control server. Following our demonstration, we discuss implications and countermeasures to aid management in improving the security of the organization.

Comments

Georgia Southern University faculty member Hayden Wimmer co-authored "Documenting the Process of Hijacking a Raspberry Pi User Login Credentials via Remote Code Execution."