By Cameron Camp
This year at Black Hat, tiny automated hacking
platforms are everywhere, loaded with tasty purpose-built tools that can be
used to break into your systems. It’s no surprise, really, that a $35
single-board computer running server software and connected to a network
can be used as a fire-and-forget attack platform, and at that price you don’t
really care about it being discovered.
With a couple of small ARM-based platforms equipped
with cheap machine-to-machine data cards, you now have a server that can be
embedded into a hostile environment that will phone home and establish a
communication session so you can maintain persistence on the network.
Sure, it might be discovered sitting on a network
port (maybe, and even then it may take a while), on a switch or a router, but
many of these boards come with Wi-Fi functionality, so you can take your time
and run a series of wireless attacks to gain network access, even spoofing a
legitimate MAC address to pretend to be another computer on the network. With
all of these add-ons, your tiny computer probably costs around $100, which is
still a small price to pay to launch an attack.
The good news is that the tools shown at Black Hat
address both attack and defense, so there are tools which can be
used to defend against this potential threat as well. This is the good part
about Black Hat presentations: they usually talk about how to protect/defend
against the type of attack they’re presenting on; the presenters (usually) work
for the good guys.
But as an enterprise or other organization, it
makes sense to keep your ear on the data feeds coming out of Black Hat in order
to get access to these tools and techniques, which are often freely available,
so that your team can be prepared against the latest attacks to be released
into the wild.
Since these tiny boards are very inexpensive,
you can also run tests against your own defenses
for a correspondingly tiny amount of money, and there are often cut/paste
tutorials on how to do it.
Also, now is a good time to get up to speed on
non-standard platforms, which are being deployed by the millions in IoT
contexts, so that your security team will be familiar with the toolset and the
nuances of using them as a working Linux security platform (though some of them
run other operating systems, Linux seems to be the default).
With the volume of proof-of-concepts and mature
software launched on the little devices, it’s no longer a corner of security
you can ignore. They have become much more powerful in recent years, often
hosting multi-core CPUs, decent memory, gigabit Ethernet and very capable
Wi-Fi chipset integration. In short, they’re very real computers the size of a
credit card that can run on flashlight batteries, and that’s something you shouldn’t
ignore in your environment.