A small modem-equipped device, built for less than $100 dollars, can help hackers break into your network and steal your data without detection by coming through the mailroom.
This technique called “Warshipping” involves concealing a tiny device in a regular-looking package and mailing it to the target company or person. Once inside the company mailroom, the device could detect and relay data to hackers about access points like wi-fi hotspots and other vulnerabilities.
Connor Jones explains how IBM’s X-Force Red showed how effective warshipping could be in this report published by ITPro:
Once concealed in the parcel and in transit, the device periodically scans for wireless networks which lets the controllers monitor the location of the parcel and ultimately verify that it has been delivered to the intended target.
“Once we see that a warship device has arrived at the target’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively or actively attempt to attack the target’s wireless access,” said Henderson. “The goal of these attacks is to obtain data that can be cracked by more powerful systems in the lab, such as a hash.”
IBM said it could gain a foothold on the network by listening for a handshake (a packet signalling an established connection) and capturing the hash to crack a preshared key which can be used to gain network access, and collect data that can be siphoned back to a more powerful system for cracking.
The warship can also be set up as an ‘evil twin’ network whereby attacks could be performed by setting up a spoof network to which employees could be enticed to connect devices to, revealing their true credentials which can then be used to move deeper throughout a legitimate network.
Henderson noted the researchers were then able to exploit vulnerabilities in things like employee devices to establish a persistent foothold on the network, giving them the ability to “steal employee data, exfiltrate corporate data or harvest user credentials”.
