New ‘warshipping’ technique gives hackers access to enterprise offices

Delivery workers may inadvertently provide the bridge between hacker and victim.


Researchers have described a new technique which could be used by cyberattackers to infiltrate corporate setups -- with a little help from your friendly neighborhood delivery workers.

On Wednesday, Charles Henderson, Global Managing Partner of IBM X-Force Red, documented the theoretical method known as warshipping.

The technique builds upon wardialing -- in which numbers are called en masse in an area to find modem-connected networks -- and wardriving, the name given to hackers driving around sniffing networks.

At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores. 

With millions of parcels being sent every day in the US alone, IBM says that cyberattackers can take advantage of this seemingly innocent practice as an attack vector. 

Dubbed warshipping, the technique is the result of the researchers' investigation into possible infiltration methods through package deliveries to the office mailroom -- or an individual victim's front door. 

In order to attack, a tiny device would be hidden in a package and shipped. The gadget in question was made from a single-board computer (SBC) and was designed to be compatible with 3G and remotely controlled. The device's power comes from a phone battery.


"SBCs have some inherent limitations, such as the high amount of power they consume to operate," the researchers say. "Applying some clever hacks, we were able to turn these devices into low-power gadgets when active and power them off completely when dormant. Using an IoT modem, we were also able to keep these devices connected while in transit and communicate with them every time they powered on."

After building the devices for less than $100, IBM set up a command-and-control (C2) server and programmed the warship electronics to perform periodic wireless scans while in transit. GPS coordinates were also sent to let the team know when the device had reached its destination. 

The researchers were then able to run tools to both passively and actively try to break the target's wireless system, listen for handshakes, and sniff packets.


"The goal of these attacks is to obtain data that can be cracked by more powerful systems in the lab, such as a hash," IBM says. "These hashes represent a very small amount of data that we can obtain over a warship's 3G connection as the attack progresses."

Wi-Fi cracking, evil twin attacks -- the establishment of decoy Wi-Fi setups to harvest data -- and credential theft are all theoretically possible through this method. 

IBM X-Force Red was able to infiltrate corporate networks without detection through the warship technique. The researchers say the aim of the test was to "educate our customers about security blind spots and modern ways adversaries can disrupt their business operations or steal sensitive data."


IBM added that organizations should be especially cautious during the holiday shopping season, given that workers may have their purchases delivered to offices rather than their homes. 

As a result, the firm recommends that packages be treated like 'visitors': in the same way a guest to a corporate area would have to undergo security processes and checks, packages should, too.
