Hardware hacker spots 'ghost in the ethernet optic'

Hardware hacker Ben Cox has spotted an interesting bit of kit that we're sure has entirely reasonable uses other than network intrusion: Plumspace's Smart SFP TAP.

You can't trust cables. We're not just talking about the well-established quantum nature of the USB Type A connector which, despite occupying three macroscopic spatial dimensions, nonetheless requires more than two rotations to fit into a socket, and is therefore a spin-½ object. USB plugs are fermions.

But did you know that some of them can also spy on you? Way back in 2008, the US National Security Agency (NSA) had COTTONMOUTH, a bargain-priced $20,000 USB 2 cable that could wirelessly intercept or modify communications between a PC and USB peripherals.

Now, a more modest USB audio bug is an off-the-shelf item. You can even buy them on eBay, or cheaper still on Alibaba. Inside the USB plug is a nanoSIM card and the guts of a phone: text it, and it replies where it is. Call it, and listen to what's going on around it… or you can tell it to ring you when it hears anything loud.

A newer variant, and one getting much closer to NSA pro-grade kit, is the O.MG cable – a Wi-Fi version of a BadUSB device, basically, so you can control it remotely.

A little more expensive at $120, but still very reasonable if you need such a thing. We will not ask why.

But, as Cox pointed out, Plumspace's Smart SFP TAP is an enterprise-level version.

Network types will be familiar with the SFP, or Small Form-factor Pluggable: it's a tiny gadget that converts between copper and fibre-optic Gigabit Ethernet. Plumspace's version is slightly bigger but contains an embedded 528MHz ARMv7 computer with 4GB of Flash and half a gig of RAM, running Debian Jessie.

The firm markets it as useful for "network visibility and monitoring" as well as "monitoring and troubleshooting goals", adding that it will "gather detailed traffic statistics by IP flows in NetFlow, sFlow or IPFIX format" and "can be used with any flow collector."

To be fair, it's half as big again as a typical SFP and it runs quite hot, but concealing that inside a busy wiring cabinet wouldn't be too hard. £150 is a small price to pay for something that can monitor, capture or relay gigabit-speed comms for anything interesting going to a particular address. For perfectly legitimate business reasons, of course. ®

