Hardware hacking of networks via physical trojan horse?!

Conundrum, Tue Jun 28 2011, 09:18PM

Link2

Haha, someone else worked this one out.
I theorised last year that someone could use this same method although my version used a timed keyboard/mouse switch via a microcontroller.

The problem here is that most people would assume that the "free" accessory in the post was intentional if accompanied with a social engineered invoice with "FRU optical mouse to replace recalled unit" for example.

Needless to say most companies have no policies in place to prevent such hacking, even SCADA systems in a totally isolated network could be vulnerable.

Just wait until some enterprising criminals get hold of this, and start sending out hacked replacement laptop batteries that can compromise the system via buffer overflow in the I2C bus.

Methinks the game just got a whole lot more complicated.

-A
Re: Hardware hacking of networks via physical trojan horse?!
Chip Fixes, Tue Jun 28 2011, 09:29PM

The possibilities are endless, modified mice, keyboards, batteries, hell, even computer monitors. A while back a man, who was a computer repair man, was arrested for installing software on victims computers that allowed him to take pictures while their laptops were open, via the webcam.
Re: Hardware hacking of networks via physical trojan horse?!
Hon1nbo, Wed Jun 29 2011, 08:39PM

The more common, and bit simpler, method is the leaving of an infected USB drive on the grounds and an employee plugging it in to identify it.

I know some pen testers who do stuff like this and pretend to have replacement hardware etc. It's scary how easy it is sometimes.

-Jimmy