Go to any place where two public wireless networks overlap, and leave one of these devices in the overlap zone and connected to both networks. Arrange the networking so that you can tunnel out of one wireless network and back into the other. Do this in a few such places and you have a series of hops that can make it quite challenging to trace traffic back to you. Have your device retain no logs and include a remote power shutoff, so if somebody is chasing you from the destination network, by the time the physical plug is discovered (if it is at all, these things are easy to conceal) the router logs for the source network and ISP have long cycled.
If you are doing something really nefarious, do all of this on a battery-operated Gumstix and leave it in a trashcan between a Starbucks and a public library. The battery would probably last you all day, and then the garbage truck will dispose of all evidence by next morning without any intervention.
The problem isn't small form factor computing. It's internal networks where MAC-layer connections aren't authenticated, and where there is no access control between desktops and data centers. It's been that way, in virtually every company big and small, since 1993 when networks cut over from IPX and extended TCP/IP to the desktop.
If anything, I'd say plug computers are good for security, if they're making people more aware of how god awful stupid the "eggshell" model of putting all your efforts into perimeter security really is.
Unfortunately, instead of focusing on securing their internal servers and apps, my bet is most "enterprises" will instead respond by just extending the eggshell with greater lockdown of end-user PCs. :-(
Personally, I want one that screws into a lightbulb socket and lights up :-)
Not only can you do low intensity probes over a much longer span of time vs a wardrive or loiter-scenario, you can keep throwing new exploits against old targets so long as the plug goes undetected.
No matter what the form factor, you're probably gonna want at least power and an ethernet connection. Most enterprise networks are pretty locked down on the wireless side, but on the wired side it's still pretty uncommon to find any significant lockdown like 802.1x authentication.
I'd definitely be worried about those POE injectors for conference room phones and other uses. Most of them already look like a cheap black box, have two ethernet ports and power and aren't out of place.
Practically though, I'd be much more concerned about penetrations in official clients. You can get most of the same functionality out of an employee's mobile device and have the added advantage of more deniability. Client malware is so common that most is not assumed to be a targeted attack, whereas finding an unauthorized plug computer will raise alarm bells quickly.
Nevertheless, it's yet another strong argument for implementing 802.1x.
Although I suppose that just means Step 0 is to get service under a false identity.
Stopped reading at that point. People can use technology for whatever they want, including nefarious purposes. That's not an issue which is specific to plug computers.
(And it would also be very hard to do this without getting caught. Even harder than most people would think. Particularly at the point where you're trying to make money.)
This is a serious APT that's been ongoing for 4-5 years and benefits Chinese oil exploration.
I still wouldn't touch that with a 10 foot pole. Even with China covering for you, it's not a game to play lightly for anyone who has a home and life in the US.
Neither of these contribute significantly to your exposure any more than something like a laptop or netbook. Concealment helps protect against casual detection, but many offices are littered with spare laptops that no one pays any attention to anyway. This is especially true in IT departments where systems may sit on shelves for days or weeks waiting for repair. The notion that a plug computer may be hard to find once identified sounds scary, but in practice, it's a non-issue. You simply identify the port to which the device is connected, unplug it, then trace the cable back to its termination point. I'm going to ignore wireless, because no sensible security plan involves a WiFi network attached to their private network. You segregate wireless in the DMZ, then allow WiFi users to connect to a VPN endpoint using strong encryption.
Any business concerned about securing their networks has implemented policies like shutting interfaces that aren't in use, and authenticating access at the Ethernet level using 802.1X. Neither of these are foolproof, but depending upon how secure you want to be, you build up security at every layer: physical, Ethernet, VPN, application.
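Added example, not part of the thread or any commenter's code: a Python audit of an IOS-style switch configuration for the two controls named in the comment above, flagging access ports that are neither shut down nor set to 802.1X `auto`. The sample configuration, port names and function names are constructed for illustration.

```python
import re
# Constructed sample in Cisco IOS-style syntax; ports and descriptions are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 description conference room phone
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 description lobby copier
 switchport mode access
 authentication port-control force-authorized
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

DOT1X_AUTO = re.compile(r"^(authentication|dot1x) port-control auto$")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def unauthenticated_access_ports(config):
    """Access ports that are live (not shutdown) and lack 802.1X auto mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds or "shutdown" in cmds:
            continue  # trunks and disabled ports are out of scope here
        if not any(DOT1X_AUTO.match(c) for c in cmds):
            findings.append(name)
    return findings

print(unauthenticated_access_ports(SAMPLE_CONFIG))
```

A port set to `force-authorized` is reported because it admits any device without authentication, the same as a port with no 802.1X configuration at all.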
looks like they have a ways to go.
Imagine you get an interview at some company and you gain access to some area, like a lounge. You could potentially smuggle a pluggable box into the facility and plug it in behind some plant, or a copier, or even a coffee machine.
(Copier being the best option)
This machine could ideally auth with the local wifi and gain access to the internet, and provide you tunneling access back into the network.
When Aruba Networks first came out, the initial default config of their system allowed anyone to associate with the network and VPN OUT to the internet - while not giving them access to corporate resources. While we found this behavior at Lockheed Martin, and had them patch it - the same scenario could be found elsewhere today - where you could then connect to the pluggable and scan/hack your way into the network.