Published on August 7th, 2019 📆 | 7544 Views ⚑0
Wi-Fi-spying gizmos may lurk in future parcels • DigitalMunition
Maybe, maybe not. These hack-in-a-box widgets are something to think about at least, says Big Blue
Small kit, big impact ... Big Blue's warshipping gadget
Black Hat IBM's X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and called it "warshipping," Big Blue's eggheads suggested earlier today.
To demonstrate this approach, the X-Force team built a low-power gizmo consisting of a $100 single-board computer with built-in 3G and Wi-Fi connectivity and GPS. It's smaller than the palm of your hand, and can be hidden in a package sent out for delivery to a target's business or home.
Once it arrives, it can be activated remotely over the internet, or when it detects it is near its destination using GPS. It can be instructed to scan for vulnerable networks to infiltrate – a la the TJX wireless hacking in the mid-2000s – or spoof nearby legit wireless networks to harvest passphrases from those connecting, or get up to other mischief over the air.
Any obtained information can be relayed back to base, over the internet, and it can be commanded to drill further into any networks it is able to break into, installing spyware as it goes. This widget is potentially potent as it passes through a business on its way to someone's desk.
"Think of the volume of boxes moving through a corporate mailroom daily," said Charles Henderson of IBM X-Force Red on Wednesday, just in time for this year's Black Hat USA conference in Las Vegas. "Or consider the packages dropped off on the porch of a CEO's home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected."
Henderson continued, describing how the gizmo could be deployed:
This warshipping has a number of advantages for hackers. For one thing, there's no need to suspiciously cruise a location; just send a box anonymously instead and control it from the comfort of your own home, er, cafe Wi-Fi via Tor.
So far, this gadget is only at the proof-of-concept stage, though in the future IBM predicts it could become popular with crafty snoops. It recommends banning employees from shipping personal packages to their offices, thus easily allowing all parcels to be intercepted, and checking deliveries with a suitable radio frequency scanner. ®
MCubed - The ML, AI and Analytics conference from DigitalMunition.