Warshipping: attack a target network by shipping a cellular-enabled wifi cracker to a company's mail-room

IBM's ridiculously named X-Force Red have documented a new attack vector they've dubbed "Warshipping": they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target's offices.

The device scans for visible wifi networks; once it senses a network associated with its target (indicating that it has arrived on the target company's premises), it alerts its controllers over the cellular radio, and then scans the local wifi for instance in which users' devices are initiating new connections to the network. It captures the handshake data from these connections, transmits them over the cellular network to its controllers, and they can then crack the password offline, send login credentials to the warshipping device, login to the target network, and attack the network from within.

“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose — all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”

The team isn’t releasing proof-of-concept code as to not help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.

With warshipping, hackers ship their exploits directly to their target’s mail room [Zack Whittaker/Tech Crunch]

(via Super Punch)

from Boing Boing https://ift.tt/2ZMmBE8
via IFTTT

Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment