Hi friends,
I’m running raspbian on a raspberry pi. It’s great.
I often access my device over SSH from my phone. I have a long-running gnu screen session. Sometimes my shell becomes unresponsive for some time, which may be normal due to my poor wifi, but one time something weird happened.
My device was unresponsive for longer than usual, so I killed the SSH connection.
When I reconnected, my screen session looked like something like this:
$ <commands>
...
$ gpg -a --export $KEY | sudo apt-key add -
$ ctrl C
$ ctrl C
$ ctrl C
Most critically, the gpg command here is not something that I wrote. I can only guess that:
- I somehow executed something like
!13, which expanded to something from my history - Somehow a cron process or similar wrote to my tty (?)
- I’ve been hacked
I executed this gpg command intentionally at some point in the past, so I think (1) is most likely, but…
Can anyone just help me relax by confirming that my device is probably fine, and a hacker would do much more interesting things than add gpg keys to apt, right?
My device is exposed to the internet, so hackery is definitely not out of the question.
Thanks in advance!
Termux allows for shortcuts for arrow up, which accesses history. I think that it is unlikely that a hacker would access your pi at just the same second as you are accessing it and then use a command that you have used before.