You learn bizarre trivia nearly every day, but a security researcher who won a DARPA Cyber Fast Track research award said, DARPA "loves terrible acronyms." With that in mind, Brendan O'Connor dubbed his new project the "F-BOMB" -- for Falling or Ballistically-launched Object that Makes Backdoors. O'Connor wrote on Times and Measures that DARPA likes the F-BOMB system and wants Malice Afterthought, O'Connor's security and software consultancy, "to develop the software command and control components to complement the hardware." Basically the F-BOMB is a $50 disposable 'spy computer' prototype. And it's very tiny -- only about 4 inches wide, 3.5 inches long, and not quite 1 inch high.
While the war-flying WASP, a Wi-Fi-sniffing drone, is very cool, it cost about $8,000 which most people can't afford to just throw away; O'Connor wanted disposable computing, built with cheap, COT (commercial off-the-shelf) parts which could readily be found anywhere such as eBay, Craigslist, or Amazon. That way, if and when it's found by bad guys with guns, there is nothing to finger who the $50 device belongs to, O'Connor explained this past weekend at ShmooCon, the much beloved white hat security conference.
The Linux-based F-BOMB is designed to be highly configurable so it is capable of being something innocent like a barometer, or "install some Wifi-cracking software or add a $15 GPS module, and it can snoop on data networks or track a target's location." According to Forbes, O'Connor designed the cheap gadgets to be "dropped from a drone, plugged inconspicuously into a wall socket, thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wifi network."
The F-BOMB is made from a PogoPlug mini-computer, eight gigabytes of flash memory, some plastic casing, and an antenna that is "smaller than your little toenail." The cost is about $49 and it runs on cheap AA batteries. On the creepy surveillance-stalker side, it can send collected data, such as a target's GPS coordinates, back over a Wi-Fi network. If such a device were FedExed to a business, and a vacationing employee, penetration testers could record and transmit security vulnerabilities. The white hat hackers would have all the data they needed by the time the employee returned. Black hats or crooks could use it too. "It can fit whatever use case you want. Put it in a box of stale Triscuits in the office kitchen, and no one will touch it. Or hide it in a carbon monoxide detector and you can leave it there for months," O'Connor told Forbes.
A bit of irony on this whole surveillance-on-the-cheap is that when O'Connor is not doing client work, "he pursues his own research interests in identity and privacy." He is a University of Wisconsin law student and when he can find the time, he also works on "wearable computing, autonomous aircraft, and emergency and failsafe communication, the last facilitated by his Amateur Extra ham radio license."