Trojaned Docking Stations (and free DEFENSIVE security advice, lifehacking: pink noise, micropower TMS)

First of all, I feel the need for a re-quote: “Don’t get crushed when it topples down. If you can make a difference, do it, but there are huge forces at work here, and they have to play themselves out according to their own design, not yours. Watch yourself.”

A grizzled sysadmin once gave me a good tip for when shit hits the fan: STOP, don’t do whatever you were thinking, and go take a dump instead. Now, no matter how confident you are that you know everything, when big forces are at work — assume you know jack shit about what’s actually possible. Take only the risks that you know serve your interests, make sure you have a backup plan for your backup plan, and stop trusting anything you don’t understand. Then walk the fuck away — seriously! —
and start putting your energy into supporting yourself independent of any company or organization.


Some clever Brits figured out that lots of people secure their laptops, and then proceed to plug them into docking stations left unsecured. This is a wonderful opportunity for attackers to trojan said docking stations.

Now, if I was doing this, I’d skip the docking station. Too easy to spot. Instead, I’d embed a contact microphone and transmitter into the table and use it as an acoustic keylogger.

Defense? See above. And measures against spotting surreptitious entry as described here, ad infinitum. But even those won’t really help if you’re worried about acoustic keylogging.

Lifehacking, a couple of updates: Pink noise through a single turn wire loop (~2.5m dia) has turned out to be noticeably more effective than a 10 turn loop. I don’t understand exactly why, but I suspect there’s an electromagnetic equivalent of damping factor at work here.

Also, if you’ve built yourself a micropower TMS (“instant sanity in the midst of armageddon”) device, a MAJOR improvement that costs 3 EUR (or equivalent) and bestows even more sanity and clear thinking.

Go find yourself a hippie new age gem shop (online is OK) that sells magnetite crystals. (

Mount one of these crystals in the near field of your coil.

Assuming your current rise time is fast enough (>30-100kHz equivalent bandwidth) this should create a replica of the geomagnetic wave spectra. Why? When the magnetite crystallized n thousand years ago, the magnetic domains aligned themselves to resonate with the oscillations in the geomagnetic field caused by various things in the Earth’s crust. The fast rising local magnetic pulse now excites the (ferromagnetic) magnetite, which “rings” at those frequencies.

Note my device uses, in addition to the 555/15k relay coil, a 2n2426 relaxation oscillator @ ~15Hz driving a coil around a mu-metal core —
this forms a magnetic pulse compression circuit with >70MHz equivalent bandwidth. YMMV.

In other news, there is some evidence that Anonymous had wide access to the US Federal Reserve, suggesting the initial “no big deal” responses were a tad premature:

“You know that docking station you snap your laptop into at the office? It can be hacked, too.

A British researcher next month at Black Hat Europe will show just how valuable those seemingly benign devices can be to a determined attacker targeting an organization or group of users. Andy Davis, research director for U.K.-based NCC Group, built a prototype hardware device that can easily be placed inside a laptop docking station to sniff traffic and, ultimately, steal sensitive corporate communications information from the laptop.

“You see docking stations all over the place in organizations because people are using hot-desking type environments, so different laptops can be attached to [the docks] each day,” Davis says. “And they are considered a trusted part of the infrastructure: Nobody thinks someone might tamper with one or swap one for another. Admins are more concerned with protecting your laptop: That’s where the money is and the information.”

But Davis says docking stations, which are rarely secured physically, can easily be rigged with rogue devices that intercept everything from data traffic to USB devices to softphones to videoconference traffic, even if it’s encrypted. “If you have access to a dock, you have information on all the other ports, such as softphones or videoconference traffic … It can capture traffic before it’s encrypted and after it’s decrypted.” “

%d bloggers like this: