Radio frequency shielding for Raspberry Pi Zero

Click For Summary

Discussion Overview

The discussion centers around the security concerns related to the built-in WiFi and Bluetooth functionalities of the Raspberry Pi Zero, particularly in the context of using the device for sensitive applications like encryption. Participants explore methods for shielding the device from radio frequency (RF) signals to enhance security without permanently modifying the hardware.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant expresses concern about the security risks posed by the built-in wireless capabilities and suggests using RF-blocking materials to shield the antenna without permanently modifying the device.
  • Another participant questions the effectiveness of the proposed RF shielding, suggesting that even minor RF leakage could be detected nearby.
  • A different participant acknowledges the theoretical possibility of creating a slip-on RF-blocking sleeve but emphasizes the need for careful design, including minimizing holes for wires and incorporating RF filters to prevent induced currents from leaking signals.
  • One contributor warns that any imperfect execution of the shielding approach could lead to potential security vulnerabilities, noting that amateur security measures are often less secure than intended.
  • Another participant proposes a software-based solution that includes regular checks on the communication state, suggesting that software could disable WiFi and Bluetooth while notifying the user.
  • A participant raises the point that permanent modifications to the hardware may not be necessary, suggesting that purchasing an unmodified version of the device is a viable option.
  • One participant mentions the availability of a version of the Raspberry Pi Zero that does not include RF capabilities, providing a link for reference.

Areas of Agreement / Disagreement

Participants express differing opinions on the effectiveness and feasibility of various approaches to securing the Raspberry Pi Zero. There is no consensus on the best method, with some advocating for hardware modifications while others suggest software solutions or RF shielding.

Contextual Notes

Participants note that RF screening can be unreliable due to the need for extensive filtering on input/output/power leads, which may complicate the shielding approach. Additionally, the discussion highlights the potential for security vulnerabilities if the proposed methods are not executed perfectly.

th078
Messages
1
Reaction score
0
TL;DR
I'm wondering whether it's possible to craft a RF 'shield' for the Pi Zero's wireless antenna, with the goal of "air-gapping" the device
So I'm trying to put together a Pi Zero mini computer to use for security-oriented applications, for example encrypting/decrypting messages, working with encryption keys, etc. It's cheap, very small and thus easy to carry around.

However, I'm not entirely comfortable with the presence of the built-in Wifi and Bluetooth, which while convenient, presents a security risk. Disabling wireless functionalities via software is possible but not bulletproof, since an adversary could in theory enable them surreptitiously, however improbable that is in practice. I also don't want to physically remove or disable the corresponding components, since that kind of modification is permanent. So I figured that the most straightforward method of air-gapping the device would be to physically shield it the wireless antenna using a RF-blocking material.

Now I have to confess that I know practically nothing about electrical engineering, which is why I've come here for help, in the hopes that someone more knowledgeable might be able to enlighten me and offer some input. I'm aware of Faraday cages and RF blocking wallets, but those require that the entire device be enclosed, which isn't feasible in this case due to the presence of cables.

So instead I was wondering whether it's possible to craft a slip-on RF-blocking "sleeve" using suitable materials and enclose only the antenna. Even if the triangular antenna is completely covered, the silicon board itself wouldn't be enclosed, and might therefore allow signals to pass through. Would that prevent this solution from working?

Thanks in advance.
 
Engineering news on Phys.org
I don't actually know this computer but I think the approach you describe is not very good, and even the slightest RF leakage will be detectable at close range.
 
  • Like
Likes   Reactions: DaveE
What you propose is not a simple design, but theoretically it is possible. You will need to have the smallest holes possible for any wires that cross through a six sided box of highly conductive material. You will probably also have to have RF filters in the wires that exit as currents can be induced into those wires inside the box that can flow outside on the wires and then re-radiate the radio signals.
IMO, it would be much easier to modify the PCBA to eliminate the wireless capability. I suspect that there are easier methods to do that than removing an IC, you may be able to cut a trace or add a short circuit in a strategic location.
 
No matter what your approach, unless you execute it perfectly, it will be potentially insecure. Security professionals would be unlikely to accept that. Amateur security of all forms is notorious for being less secure than the designer believe it is.

If this is government work, then there must be established protocols to certify something as secure. A security professional would start there.
 
  • Like
Likes   Reactions: sophiecentaur and DaveE
A software approach could be worth considering. Perhaps including commands that check for the state of the Comms, on a regular basis, and that turn off the WiFi and Bluetooth AND notify the operator.
RF screening can be unreliable because input / output / power leads need vast amounts of filtering (large structures) to give you high levels of protection.
 
th078 said:
since that kind of modification is permanent

And? It costs something like $5. If later you need an unmodified one, just buy an unmodified one.
 
  • Like
Likes   Reactions: berkeman and sophiecentaur
Still on their website and in stock is the Version 1.3 at $5, that's the one without the RF link.
https://www.adafruit.com/product/2885The downside is "MAX PER CUSTOMER: 1"

Cheers,
Tom
 

Similar threads

Graduate How is radio wave propagation modelled in seawater?
  • · Replies 12 ·
Replies
12
Views
11K