Schneier on Security
A blog covering security and security technology.
January 27, 2014
SPARROW II: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:
(TS//SI//REL) An embedded computer system running BLINDDATE tools. Sparrow II is a fully functional WLAN collection system with integrated Mini PCI slots for added functionality such as GPS and multiple Wireless Network Interface Cards.
(U//FOUO) System Specs
Processor: IBM Power PC 405GPR
Memory: 64MB (SDRAM), 16MB (FLASH)
Expansion: Mini PCI (Up to 4 devices) supports USB, Compact Flash, and 802.11 B/G
OS: Linux (2.4 Kernel)
Application SW: BLINDDATE
Battery Time: At least two hours
(TS//SI//REL) The Sparrow II is a capable option for deployment where small size, minimal weight and reduced power consumption are required. PCI devices can be connected to the Sparrow II to provide additional functionality, such as wireless command and control or a second or third 802.11 card. The Sparrow is shipped with Linux and runs the BLINDDATE software suite.
Unit Cost: $6K
Status: (S//SI//REL) Operational Restrictions exist for equipment deployment.
Page, with graphics, is here. General information about TAO and the catalog is here.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
Posted on January 27, 2014 at 8:06 PM
• 15 Comments
I would agree. Two hours of running time, and the blurb about operational restrictions makes me think this is a targeted platform, not at all like the "set it and forget it" ethos behind the router implants.
Just from the picture, it looks like a standard Wifi omnidirectional antenna, probably to soak up local traffic passively. If you wanted to tag who's who at a conference or meeting, I would guess this would be difficult to pick up.
OTOH, "Operational Restrictions" is interesting. Does that mean "Don't put it too near the gym showers" because it'll die in humid conditions, or "Don't put it near this list of targets, because they can find it and pull the list of compromised/exposed systems"?
Whilst IO cards are cheap and available from Amazon etc, I suspect the CPU card may be a custom design with a custom PCI bus cage.
As one of the uses is to put it in a toy plane I suspect they don't figure on selling more than a couple of dozen, so there is the cost of hardware design and porting of the OS and application software to amortize.
So the question should be "Is 50K USD too much for a working design?"
That sum would get you about a man month tops, and that's without paying for hardware manufacture for test, so maybe four man weeks...
Whilst the chip from Broadcom that the Raspberry Pi is made from may not have been in circulation back then, all of the useful bits were in two or three other chips at the time. And the mobile phone chipsets back then were sub 15USD.
And it was not much after that a Linux computer appeared in a case little larger than a "wall-wart" of the time.
Without running it down all the Raspberry Pi has done technically is give a new lease of life to a chip...
But sociologically what they have done by making it available to not just the man on the street but more importantly his kids, that still dream of "what can be", not the nightmares of "what has to be" --to put food on the table whilst keeping the roof over their heads--, is give today's kids the chance to be as UK kids were in the 1980's. Who used the Acorn chips in the BBC Model B computer to learn, and some of whom went to work at Acorn to develop the ARM processors of today.