The F-BOMB: A tiny $50 spying computer for DARPA
Everyone loves a cheap but effective solution, and DARPA – the US Department of Defense’s agency for developing new military technologies – is no exception.
As ShmooCon’s visitors have witnessed on Friday when one of the winners of the agency’s Cyber Fast Track program took the stage, it is possible to create an effective spying gadget for less than $50.
Security researcher Brendan O’Connor used commercial, off-the-shelf parts such as those contained in a PogoPlug mini-computer, a micro antenna, eight gigabytes of flash memory and customizable plastic casing, to construct his F-BOMB (Falling or Ballistically-launched Object that Makes Backdoors), which can be easily deployed and costs so little that it is perfectly expendable.
The project required him to make the gadget tiny in size (it’s 4 inches wide, 3.5 inches long, less than 1 inch high), had multiple wireless radios, had a long battery life (it can be plugged in indefinitely, and if not, it’s powered by AA batteries that make it operate for a few hours), had USB capability for expansions (GPS tracking capability and similar), and had reasonable storage space (8 GB).
He showed how it can be configured as a flight case, a drop case, masquerade as a CO detector or a barometer.
He says it can be dropped from a drone, plugged into a wall socket, put somewhere where nobody will think to look, or simply thrown by hand over a barrier, and immediately start collecting data and sending it back via Wifi unobtrusively.
“If some target is surrounded by bad men with guns, you don’t want to have to retrieve this, but you also don’t want to have to pay four or five hundred dollars for every use,” O’Connor shared with Forbes. “The idea is that it’s as close to free as possible. So you can throw a bunch of these sensors at a target and get away with losing a couple nodes in the process.”
But the best thing of all is that because it can be constructed with off-the-shelf parts that anyone can buy online (Amazon, eBay, etc.), if found by the people it aims to spy on, there’s nothing in it that it can tie the device to its creator and/or deployer.