1. 94
  1.  

  2. 18

    Additional info on the reddit post:

    Final Update

    It really was the ex employee who said he put it there almost a year ago to “help us identifying wifi problems and tracking users in the area around the Managers office”. He didn’t answer as to why he never told us, as his main argument was to help us with his data and he has still not sent us the data he collected. We handed the case over to the authorities.

    1. 8

      That’s an incredibly weak lie lol

    2. 7

      I’m kinda surprised the author couldn’t engage assistance to decompile the nodejs app and figure out what it did.

      Neat write-up though, and yet another example of why locking down physical access hard is so critical for security.

      1. 10

        Neat write-up though, and yet another example of why locking down physical access hard is so critical for security.

        Indeed! With access to the SD card and a non-encrypted (or, even worse, non-ramdisk) filesystem, forensics was made significantly easier. :(

      2. 6

        Even better would be if he put it in a fake power strip enclosure or in a wall wart.

        1. 5

          they identified the dongle as a microprocessor, almost as powerful as the Rasberry Pi itself: the nRF52832-MDK

          If I understand correctly, that’s a Cortex M4-based microcontroller, not a processor almost as powerful as the Raspberry Pi.

          1. 1

            Cortex M4 is an armv7-m processor, as opposed to armv7-a in some of Pi models. The biggest performance handicap is Thumb instruction set only, which qualifies it as “almost as powerful” in my view.

            1. 3

              The M4 on the dongle runs at 64Mhz, has 64kB of RAM and 512kB of flash. The Pi, depending on which gen, is over 1GHz clock speed, possibly even multi-core, with a 1GB of RAM and as much flash as the SD card you put in. There is an orders of magnitude difference in performance between the Pi and the dongle.

              mwcampbell’s claim is correct.

          2. 2

            Great detective work and fun read

            1. -1

              I always love reading stories like this.