Once inside a building, an attacker needs to plant a backdoor in order to harvest network data. There are a variety of ways to do this.
For example, in an episode of Mr. Robot, an intruder removes a panel from a climate control system and wires in a Raspberry Pi. It's a bit of a fiddly job, though: He has to remove a panel from the climate control system, snip an Ethernet cable and wire in the mini-computer.
A company called the Pwnie Express had an easier solution. It made a device that looks like a power strip but on the inside contains a Raspberry Pi complete with a penetration testing toolkit. The device, however, costed US$2,000 and has since been discontinued.
At Def Con, Brown said he will release a 3-D printable file that will let penetration testers print out their own high-quality shell of a power strip customized to hold a Raspberry Pi. The design will be released here after Brown's presentation on Aug. 9.
The cost of printing the power strip is about $5, and a Raspberry Pi costs just $35, dramatically bringing down the cost of a very stealthy tool. It's a permanent backdoor that just needs to be plugged into an Ethernet port.
"Once I physically break into a building, I leave it behind somewhere like in an empty cube or an empty conference room plugged into their internal network," Brown said. "It looks like something completely harmless."
Bishop Fox has a page on their website with the full range of RFID hacking tools and software they've developed over the years.
Sign up for CIO Asia eNewsletters.