I was wondering what are the risks of connect a Raspberry pi to a PC through the USB port?I could think of HID emulation and keystroke injection into the victims PC.Other than that what are the possible attacks?
Asked
Active
Viewed 279 times
1
-
1Can you be more specific about what you mean by "connect through a USB port" ? Like a male-to-male USB cable on the Pi's data USB ports, or simple powering the Pi from a PC on the Pis USB micro / power port? – Mike Ounsworth Dec 06 '16 at 21:41
-
I mean through the data's USB port.I guess the power USB port cannot be used for this purpose. – PMD Dec 06 '16 at 21:53
1 Answers
3
The answer depends on what you mean by "connect through a USB port" A Raspberry Pi has two types of USB port: the data ports using full-sized USB headers, and the power port using a microUSB header.
Power Port
If you are connecting the Pi's 5V power port to a PC for the purposes of powering the Pi, then you are safe because the microUSB's data pins are disconnected [source]. I suppose there's a risk of over-voltage and frying the Pi / PC, but that's hardly a security issue.
Data ports
If you are connecting the data USB ports of the Pi to a PC - either with a male-male USB cable, or through a hub, then all bets are off. A malicious Pi could advertize itself to the PC however it wants, as a HID device, as a USB harddrive, printer, wtv, the PC won't be able to tell the difference.
Mike Ounsworth
- 57,707
- 21
- 150
- 207
-
Thank you. I was searching through the internet.The keystroke injection and keyboard emulation is possible with Raspberry pi Zero ; [link](https://www.reddit.com/r/raspberry_pi/comments/46ikup/duckberry_pi_keyboard_emulator_and_automator_on_a/) - but with Raspberry Pi 3 I did not find proper answers. Any ideas? – PMD Dec 07 '16 at 20:27
-
@That seems to have more to do with the OS that comes default on a Pi Zero, rather than about the hardware itself. Have you tried installing the DuckBerry Pi OS on a Pi 3? – Mike Ounsworth Dec 07 '16 at 20:47