![]() Henderson emphasizes that in each case, his team had permission from someone with authority at each company that received a "warship." But the companies weren't widely warned about what was coming. The near-ubiquity of some kind of cellular signal and the advent of Internet of Things (IoT) cellular modems-frequently used by freight carriers to track trailers and by other remote, low-power devices-has also created a new set of security concerns for companies and individuals targeted for industrial espionage and other criminal activity. The hardware has also been planted in a stuffed animal and even inside the case of a normal Wi-Fi router. So technically you could do pretty much infinite, up to the life of the battery, if you set that in the right place." a $13 panel that, and actually, by the time it discharges the battery, between times when we check in, that can charge it back up. "Put a $13 solar charger panel on the plaque, and that makes it a permanent fixture in a CISO's office. ![]() The plaque might just go right up on the wall. If you get a box or maybe a plaque that says you're the new of the year, you might not." If you get a phone shipped to you, you're suspicious of it. It can be easily built into the cardboard. "The thing that's cool about this is, this is the wall of the box. "There have been people that have shipped cell phones, things like that," Henderson noted. And mobile devices have also been brought to play, allowing "war walking"-attacks launched remotely as a device concealed in a bag, suitcase, or backpack is carried nonchalantly into a bank, corporate lobby, or other targeted location.īut unless you're trying to get your daily steps in, IBM X-Force Red Global Managing Partner and Head Charles Henderson told Ars that you can just let a shipping company do the work for you. Covert drop boxes (once a specialty of Pwnie Express) have taken the form of "wall wart" device chargers, Wi-Fi routers, and even power strips. Ars even used one in our passive surveillance of an NPR reporter, capturing his network traffic and routing a dump of his packets across the country for us to sift through. We've looked at such devices, typically referred to as "drop boxes," before. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard. Using less than $100 worth of gear-including a Raspberry Pi Zero W, a small battery, and a cellular modem-the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. That's because the people at X-Force Red put a new spin on sneaking in-something they've dubbed "warshipping." But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. ![]() ![]() LAS VEGAS-Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |