If I wanted to do something like this I'd create open WiFi access points called something like "DeadDrop". They wouldn't be connected to the internet. Instead they'd forward you to a locally hosted site that let you download and upload from local storage.
WiFi has a lot of advantages. You eliminate the risk of USB attacks, physical damage to the device, and the actual location is unknown. The downside is that it would require power.
The Pirate Box[1] firmware is the perfect thing for this. The problem is finding power to keep the box running, but with wifi, you can hide the box somewhere out of site.
I have always thought it would be cool to set up a piratebox somewhere running from a solar panel. Then in daylight hours the dead drop would be there, but it would be gone at night.
There's an Android version in case you have old smartphones lying around. They're more powerful than the OpenWRT routers and they do have their own power. You need to root your phone first though.
Radio direction finding is well known and easily performed. The location may not be immediately obvious, but a knowledgeable person could find it without much difficulty.
I wonder if you could use Bluetooth Low Energy instead of WiFi as the power saving can last years. iBeacons have the potential to last years on a single battery. Probably not ideal for transferring large amounts of information though.
You could make the data available elsewhere in encrypted form and use the Bluetooth device to distribute the key and the URL where the data can be found.
I've often wondered about how much power it would take to run a wireless SD card (enough to be solar powered?) and how the software could be extended to allow uploads.
That's a pretty interesting idea. It would be easy to power them via solar. I couldn't find power specs for WiFi cards but it seems typical SD cards run on 3.3V up to 300mW, but newer high speed cards can draw up to 3W. A small panel could easily handle that.
> If you spot a USB flash drive cemented into a wall or kerb, you may have stumbled across a Dead Drop, part of a global art project borrowing tricks from the world of espionage
Or, you might have stumbled across 240VAC wired to a USB connector.
The article mentions USB attacks/exploits...but even more dangerous would be child pornography,at least in the US such a crime does not require intent (as automatic as it gets in a criminal context) simply being in possession or even constructive possession would lead to a conviction and a lifetime registration on the sexual offender list.
I'm not sure that it does. The countermeasures mentioned are for protecting against good old file-based executable exploits. I don't think they even understand the concept of firmware exploits.
Since the BadUSB exploit is a MITM for data going through the USB interface, it's existence doesn't increase the risk. All the executable files could just be infected to start with.
It's pretty much the worst idea to execute random files you find in the street anyway so the risk probably isn't that high in the first place.
It's supposed to appear dangerous. The first time anything actually dangerous happened the user would immediately stop using them. Or worse, they'll end up in prison. Copying a random zip file of the Anarchist's Cookbook on to your PC will get you a few hours of questioning by the police and a caution not to be so stupid as to be a pretend spy again; why you downloaded an archive of several thousand child porn pictures is quite a bit harder to explain away as a bit of fun.
So I found one of these in my city. The Dead Drops homepage has a list of all known locations: https://deaddrops.com/. Took a while to find the exact spot, and when I plugged in... nothing. The drive was completely exposed to the elements without much protection, so it was rusty and as far as I could tell useless. I have a hunch that most of them suffered similar fates.
A more surreptitious spy would have a piece of hardware that can manipulate a USB drive without needing a full laptop. Any small USB host would do, from an old MP3 player to a Sony PSP.
Something like the Raspberry Pi would probably work well.
It's small, can be powered from a battery pack, you can add some scripts that automount the USB stick and copy everything off (and/or add some things of your own)
As far as small USB hosts, an Android phone with a USB OTG cable would be a pretty nice way to connect to something like this and copy files back and forth. I don't think they're very vulnerable to most of the usual potential nastiness of a malicious USB device.
But no matter what sort of device you're using, it's pretty far from anything an actual spy might use. Any actual spy would want something discrete enough that you could be watched, videotaped, and photographed from multiple angles while making or picking up the drop, and even with endless analysis of the recordings, still have the security service not know that anything happened.
Some of Tom Clancy's books are pretty decent on realistic spy tradecraft, even if they're dicey on other subjects.
If we're talking about general tradecraft, in a how would you do it vein. I suspect a small internet-enabled device set to randomly transmit some time in the next few days or so, that sends OTP encrypted messages to as many people as it can, including the destination, and that self-destructs... releases acid or whatever into the chips... once it's done or if it's tampered with, would be hard to trace back the sender.
Throw it in a bin along with your morning coffee in a place thousands of people go a day - it'll get mixed in with all the other trash in a landfill somewhere and then good luck finding whose trash it went there with....
Well you just need to find a piece of hardware that acts as a USB host. The Raspberry Pi mentioned above would work, but you'd need a keyboard/screen or scripts to do it automatically. With the right hardware (even a rooted Android phone), you would be able to see the USB drive as just more removable storage just like your PC would.
Tutorial:
1) Have hardware that acts as a USB host
2) Work with the files just like you would on your PC
I was really into this about a year ago, so I placed one in a brick wall near my apartment. The device probably made it three days before being completely covered in rust.
Readit News
WiFi has a lot of advantages. You eliminate the risk of USB attacks, physical damage to the device, and the actual location is unknown. The downside is that it would require power.
I have always thought it would be cool to set up a piratebox somewhere running from a solar panel. Then in daylight hours the dead drop would be there, but it would be gone at night.
[1]: http://piratebox.cc/
http://piratebox.cc/android
Dead Comment
http://www.monoprice.com/Product?c_id=117&cp_id=11709&cs_id=...
See previous commentary: https://news.ycombinator.com/item?id=6195627
Or, you might have stumbled across 240VAC wired to a USB connector.
And it can get much, much worse than plain old viruses too:
https://www.youtube.com/watch?v=nuruzFqMgIw
I'm not sure that it does. The countermeasures mentioned are for protecting against good old file-based executable exploits. I don't think they even understand the concept of firmware exploits.
It's pretty much the worst idea to execute random files you find in the street anyway so the risk probably isn't that high in the first place.
It's small, can be powered from a battery pack, you can add some scripts that automount the USB stick and copy everything off (and/or add some things of your own)
But no matter what sort of device you're using, it's pretty far from anything an actual spy might use. Any actual spy would want something discrete enough that you could be watched, videotaped, and photographed from multiple angles while making or picking up the drop, and even with endless analysis of the recordings, still have the security service not know that anything happened.
Some of Tom Clancy's books are pretty decent on realistic spy tradecraft, even if they're dicey on other subjects.
Throw it in a bin along with your morning coffee in a place thousands of people go a day - it'll get mixed in with all the other trash in a landfill somewhere and then good luck finding whose trash it went there with....
http://youtu.be/D8Im0_KUEf8
See also:
http://travisgoodspeed.blogspot.com/2012/07/emulating-usb-de...
http://travisgoodspeed.blogspot.com/2012/10/emulating-usb-df...
http://goodfet.sourceforge.net/hardware/facedancer21/
Tutorial:
1) Have hardware that acts as a USB host
2) Work with the files just like you would on your PC
3) That's all there is to it
m(
(From the german tabloid article: http://www.express.de/koeln/eingemauert-in-einer-fassade-bom... )