Warshipping: Attacking Wireless Networks from the Mailroom
canopic jug writes:
IBM researcher Charles Henderson has writtena blog post about shipping a 3G-enabled single board computer to companies to scan and infiltrate their insecure wireless networks from inside the physical premises. This attack method works when companies fail to adopt the zero-trust networking model hammered out already during the 1980s and mistakenly assume that anything connecting inside the network is safe. Henderson makes some recommendations while appearing to avoid addressing the fundamental problem.
The warship device X-Force Red uses in their pentesting engagements is a disposable, lightweight, low-cost (<$100) and low-power single-board computer (SBC) that can run on a basic cell phone battery and has a 3G-enabled modem. "SBCs have some inherent limitations, such as the high amount of power they consume to operate, so we applied some clever hacks to turn them into low-power gadgets when active and power them off completely when dormant. Using an IoT modem, we were also able to keep these devices connected while in transit and communicate with them every time they powered on," Henderson explained. Once at the destination - a target's front door, mailroom or loading dock - the device can be activated and remotely controlled by the pentesters/attackers. It can listen for handshake packets and transmit the captured hasheds to their servers, where they can crack the preshared key and effectively discover the Wi-Fi network's password. It can also be used to launch a deauthentication and an "evil twin" attack, tricking users into joining the attackers' decoy network and unknowingly share login credentials. "Once we broke in via the Wi-Fi access, we could then seek to pivot by exploiting existing vulnerabilities to compromise a system, like an employee's device, and establish a persistent foothold in the network. With this ability to get back into a compromised network, attackers can move through it, steal sensitive employee data, exfiltrate corporate data or harvest user credentials," Henderson pointed out.
His post is also summarized without the paywall at:
Help Net Security : Warshipping: Attackers can access corporate networks through the mailroom
Read more of this story at SoylentNews.