Raspberry Pi Foundation Says 'No' To Malware - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management // IoT
Commentary
12/29/2015
09:06 AM
50%
50%

Raspberry Pi Foundation Says 'No' To Malware

The Raspberry Pi Foundation was reportedly offered cash to put malware on its latest boards. The organization declined the offer.

Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
(Click image for larger view and slideshow.)

Malware on your nice, new system could be as close as a hacker's checkbook. That checkbook will need to work with an organization other than the Raspberry Pi Foundation, though. Open slots in Raspbian Linux are not for sale.

Numerous news sites are reporting that Liz Upton, the Raspberry Pi Foundation's communications director, received an email offering to pay the foundation to put an executable file on its small controllers that would take users to a particular website. Upton declined the opportunity and tweeted an image of the solicitation with critical details redacted.

(Image: Raspberry Pi Foundation via Twitter)

(Image: Raspberry Pi Foundation via Twitter)

Certain details of the file to be included (such as the ".exe" extension) indicate that the latest version of the Raspberry Pi -- a version capable of running Windows 10 Embedded -- is the target. Windows 10 compatibility opens the new Raspberry Pi to a new realm of malware, though the Internet of Things doesn't require Windows to provide a malware vulnerability.

[Want to know more about the Internet of Things? Read 10 Raspberry Pi Projects For Learning IoT.]

In fall 2015, malware was found that infects IoT devices running Linux. While the malware, Linux.Wifatch, behaves oddly for its kind, its ability to infect IoT devices is a demonstration that a GUI and attached keyboard are not required for malware infection.

(Image: Coffee via Pixabay)

(Image: Coffee via Pixabay)

Linux.Wifatch seems to actually protect infected systems from other malware, but researchers and security analysts know that malware authors can't be counted upon to behave altruistically in the future.

One of the significant problems facing IoT developers is a lack of choice in anti-malware packages dedicated to the embedded system market. McAfee offers a product aimed at embedded systems, but it is limited in its target platforms and notably lacking in extensive competition.

Until robust security is available across IoT platforms, it's a near certainty that companies depending on malware for their business will continue to chip away at vendors in the embedded systems market. It should be only a matter of time before they find one with standards that are sufficiently low -- or cash-flow requirements that are sufficiently high -- to make deal, at which time the IoT will change, and not in a good way.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
1/5/2016 | 8:01:16 PM
Re: Name?
This is entertaining, but I would imagine that the Raspberry Pi Foundation gets emails just like this all the time. 

Something tells me that the Foundation is getting tired of the unsolicited offers. Anyone else agree?
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
12/31/2015 | 7:22:17 AM
Good to hear
Great to hear the guys at Raspberry are so stand up. You have to wonder how many organisations have been approached by companies like this and perhaps even government sponsored intelligence agencies. 

If the NSA isn't above hacking hard drive firmware, it wouldn't be surprising if it tried to get its malware into systems like this too.
AndrewfOP
50%
50%
AndrewfOP,
User Rank: Moderator
12/29/2015 | 10:40:09 AM
Re: Name?
Looks like a typical scam artist writing to me.  What's so scary about the state of scam/malware/phishing/DDoS or anything related to computer/internet security is that anyone willing to provide money can have the most sophisticated dark IT infrastructure at their disposables via dark web and other channels even if the person with money has no clue how a computer works.  Until all IT vendors and suppliers have concerted efforts on security and general awareness of potential security breaches, like the folks at Raspberry Pi Foundation have, navigating computer networks would still be not much different from navigating minefields with new mines being planted all the time.
BrooklynNellie2
50%
50%
BrooklynNellie2,
User Rank: Moderator
12/29/2015 | 9:57:56 AM
Name?
Don;t be so coy. She should name and shame the company. Based on the writing style, I'm guessing it's Chinese, probably with close ties to the Army.
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll