IBM’s ridiculously named X-Force Red have documented a new attack vector they’ve dubbed “Warshipping”: they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target’s offices.
The device scans for visible wifi networks; once it senses a network associated with its target (indicating that it has arrived on the target company’s premises), it alerts its controllers over the cellular radio, and then scans the local wifi for instances in which users’ devices are initiating new connections to the network. It captures the handshake data from these connections and transmits it over the cellular network to its controllers, who can then crack the password offline, send login credentials to the warshipping device, log in to the target network, and attack the network from within.
“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose — all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”
The team isn’t releasing proof-of-concept code so as not to help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.
With warshipping, hackers ship their exploits directly to their target’s mail room [Zack Whittaker/TechCrunch]
(via Super Punch)