Raspberry Pi Foundation Says 'No' To Malware - InformationWeek
Data Management // IoT
09:06 AM

Raspberry Pi Foundation Says 'No' To Malware

The Raspberry Pi Foundation was reportedly offered cash to put malware on its latest boards. The organization declined the offer.

Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
Best Raspberry Pi, Arduino DIY Projects For Your Holiday Downtime
(Click image for larger view and slideshow.)

Malware on your nice, new system could be as close as a hacker's checkbook. That checkbook will need to work with an organization other than the Raspberry Pi Foundation, though. Open slots in Raspbian Linux are not for sale.

Numerous news sites are reporting that Liz Upton, the Raspberry Pi Foundation's communications director, received an email offering to pay the foundation to put an executable file on its small controllers that would take users to a particular website. Upton declined the opportunity and tweeted an image of the solicitation with critical details redacted.

(Image: Raspberry Pi Foundation via Twitter)

(Image: Raspberry Pi Foundation via Twitter)

Certain details of the file to be included (such as the ".exe" extension) indicate that the latest version of the Raspberry Pi -- a version capable of running Windows 10 Embedded -- is the target. Windows 10 compatibility opens the new Raspberry Pi to a new realm of malware, though the Internet of Things doesn't require Windows to provide a malware vulnerability.

[Want to know more about the Internet of Things? Read 10 Raspberry Pi Projects For Learning IoT.]

In fall 2015, malware was found that infects IoT devices running Linux. While the malware, Linux.Wifatch, behaves oddly for its kind, its ability to infect IoT devices is a demonstration that a GUI and attached keyboard are not required for malware infection.

(Image: Coffee via Pixabay)

(Image: Coffee via Pixabay)

Linux.Wifatch seems to actually protect infected systems from other malware, but researchers and security analysts know that malware authors can't be counted upon to behave altruistically in the future.

One of the significant problems facing IoT developers is a lack of choice in anti-malware packages dedicated to the embedded system market. McAfee offers a product aimed at embedded systems, but it is limited in its target platforms and notably lacking in extensive competition.

Until robust security is available across IoT platforms, it's a near certainty that companies depending on malware for their business will continue to chip away at vendors in the embedded systems market. It should be only a matter of time before they find one with standards that are sufficiently low -- or cash-flow requirements that are sufficiently high -- to make deal, at which time the IoT will change, and not in a good way.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Curtis Franklin Jr. is executive editor for technical content at InformationWeek. In this role he oversees product and technology coverage for the publication. In addition he acts as executive producer for InformationWeek Radio and Interop Radio where he works with ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
1/5/2016 | 8:01:16 PM
Re: Name?
This is entertaining, but I would imagine that the Raspberry Pi Foundation gets emails just like this all the time. 

Something tells me that the Foundation is getting tired of the unsolicited offers. Anyone else agree?
User Rank: Ninja
12/31/2015 | 7:22:17 AM
Good to hear
Great to hear the guys at Raspberry are so stand up. You have to wonder how many organisations have been approached by companies like this and perhaps even government sponsored intelligence agencies. 

If the NSA isn't above hacking hard drive firmware, it wouldn't be surprising if it tried to get its malware into systems like this too.
User Rank: Strategist
12/29/2015 | 10:40:09 AM
Re: Name?
Looks like a typical scam artist writing to me.  What's so scary about the state of scam/malware/phishing/DDoS or anything related to computer/internet security is that anyone willing to provide money can have the most sophisticated dark IT infrastructure at their disposables via dark web and other channels even if the person with money has no clue how a computer works.  Until all IT vendors and suppliers have concerted efforts on security and general awareness of potential security breaches, like the folks at Raspberry Pi Foundation have, navigating computer networks would still be not much different from navigating minefields with new mines being planted all the time.
User Rank: Moderator
12/29/2015 | 9:57:56 AM
Don;t be so coy. She should name and shame the company. Based on the writing style, I'm guessing it's Chinese, probably with close ties to the Army.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll