New ‘warshipping’ technique gives hackers access to enterprise offices
Researchers have described a new technique which could be used by cyberattackers to infiltrate corporate setups -- with a little help from your friendly neighborhood delivery workers.
On Wednesday, Charles Henderson, Global Managing Partner of IBM X- Force Red documented the theoretical method known as warshipping.
Security
The technique builds upon wardialing -- in which numbers are called en masse in an area to find modem-connected networks -- and wardriving, the name given to hackers driving around sniffing networks.
At Black Hat USA in Las Vegas, Nevada, IBM researchers said that warshipping is made possible through the proliferation of e-commerce deliveries, now an everyday occurrence which has slowly replaced visits to traditional brick-and-mortar stores.
With millions of parcels being sent every day in the US alone, IBM says that cyberattackers can take advantage of this seemingly innocent practice as an attack vector.
Dubbed warshipping, the technique is the result of the researchers' investigation into possible infiltration methods through package deliveries to the office mailroom -- or an individual victim's front door.
In order to attack, a tiny device would be hidden in a package and shipped. The gadget in question was made from a single board computer (SBC) and was designed to be compatible with 3G and remotely controlled. The device's power comes from a phone battery.
See also: Facebook's worst privacy scandals and data disasters
"SBCs have some inherent limitations, such as the high amount of power they consume to operate," the researchers say. "Applying some clever hacks, we were able to turn these devices into low-power gadgets when active and power them off completely when dormant. Using an IoT modem, we were also able to keep these devices connected while in transit and communicate with them every time they powered on."
After building the devices for less than $100, IBM set up a command-and-control (C2) server and programmed the warship electronics to perform periodic wireless scans while in transit. GPS coordinates were also sent to let the team know when the device had reached its destination.
The researchers were then able to run tools to both passively and actively try and break the target's wireless system, listen for handshakes, and sniff packets.
CNET: Huawei asked people if they thought it was linked to Chinese government
"The goal of these attacks is to obtain data that can be cracked by more powerful systems in the lab, such as a hash," IBM says. "These hashes represent a very small amount of data that we can obtain over a warship's 3G connection as the attack progresses."
Wi-Fi cracking, evil twin attacks -- the establishment of decoy Wi-Fi setups to harvest data -- and credential theft are all theoretically possible through this method.
IBM X-Force Red was able to infiltrate corporate networks without detection through the warship technique. The researchers say the aim of the test was to "educate our customers about security blind spots and modern ways adversaries can disrupt their business operations or steal sensitive data."
TechRepublic: How to build a vulnerability response plan: 6 tips
IBM added that organizations should be especially cautious during the holiday shopping season, given that workers may have their purchases delivered to offices rather than their homes.
As a result, the firm recommends that packages are treated like 'visitors;' in the same way a guest to a corporate area would have to undergo security processes and checks, packages should do, too.
These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)
Previous and related coverage
- Google, Arm team up to tackle memory vulnerabilities through MTE
- Microsoft launches Azure Security Lab, expands bug bounty rewards
- MegaCortex ransomware slams enterprise firms with $5.8 million blackmail demands
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0