Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday August 08 2019, @11:04AM   Printer-friendly
from the attack-from-within dept.

IBM researcher Charles Henderson has written a blog post about shipping a 3G-enabled single board computer to companies to scan and infiltrate their insecure wireless networks from inside the physical premises. This attack method works when companies fail to adopt the zero-trust networking model hammered out already during the 1980s and mistakenly assume that anything connecting inside the network is safe. Henderson makes some recommendations while appearing to avoid addressing the fundamental problem.

The warship device X-Force Red uses in their pentesting engagements is a disposable, lightweight, low-cost (<$100) and low-power single-board computer (SBC) that can run on a basic cell phone battery and has a 3G-enabled modem. "SBCs have some inherent limitations, such as the high amount of power they consume to operate, so we applied some clever hacks to turn them into low-power gadgets when active and power them off completely when dormant. Using an IoT modem, we were also able to keep these devices connected while in transit and communicate with them every time they powered on," Henderson explained. Once at the destination - a target's front door, mailroom or loading dock - the device can be activated and remotely controlled by the pentesters/attackers. It can listen for handshake packets and transmit the captured hasheds to their servers, where they can crack the preshared key and effectively discover the Wi-Fi network's password. It can also be used to launch a deauthentication and an "evil twin" attack, tricking users into joining the attackers' decoy network and unknowingly share login credentials. "Once we broke in via the Wi-Fi access, we could then seek to pivot by exploiting existing vulnerabilities to compromise a system, like an employee's device, and establish a persistent foothold in the network. With this ability to get back into a compromised network, attackers can move through it, steal sensitive employee data, exfiltrate corporate data or harvest user credentials," Henderson pointed out.

His post is also summarized without the paywall at:
Help Net Security : Warshipping: Attackers can access corporate networks through the mailroom


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday August 08 2019, @08:39PM

    by Anonymous Coward on Thursday August 08 2019, @08:39PM (#877630)

    Ha, thanks! I've been using (DOM) object-wise viz toggling and/or inspection, and this will be much more robust.