There has been a recent rise in the discovery of “weaponized” hardware appearing on business networks worldwide. “Weaponized” what? Hardware? Weaponized hardware refers to physical devices that can be plugged into or attached to a network for the purpose of sniffing data or deploying injection attacks such as key-logging or ransomware deployment. Yes, it is very dangerous.
Black Hat security experts create penetration tools to help IT security professionals detect and thwart cyber-attacks, but this can come with a backlash: nefarious attackers get their hands on the devices and use them for ill rather than for good. If you see anyone in or around your office with the infamous “pineapple” logo, you likely have a hacker in your midst. The pineapple logo is the brand logo for HAK5, a company that creates and offers cyber-security emulation and detection devices to help network professionals detect and block such weaponized hardware attacks.
Here are a few of the most common “hiding in plain sight” weaponized hardware attack devices:
The O.MG Cable looks like a real mobile device cable. The O.MG contains a web server, 802.11 radio, and way more memory and processing power. The O.MG Cable is built for covert field use by Red Teams, with features that enhance remote execution, stealth, and forensics evasion, all while being able to quickly and dynamically change your tooling with minimal effort.
The O.MG Cable allows an attacker to execute almost every feature via wireless, not just creating, saving, or executing payloads. It can then be wiped clean to a covert, innocuous state, which “breaks” the O.MG Cable so it will no longer pass data, and it can even be flashed with new firmware, making it nearly impossible to detect that it was even deployed.
“Rubber Ducky” is the most famous: an ordinary-looking USB flash drive is plugged into a computer or printer device on the network and begins deploying packet sniffing software, which then reports back to the attacker via your network with the sensitive data the attacker is after. It is nearly undetectable without the proper security policies and firewall setup in place “beforehand”.
“Signal Owl” is a screen capture device that can be attached to the back of a display device to record all the keystrokes and take screen snapshots behind the scenes, undisclosed to the user or even the business owner.
Signal Owls are often seen in banks and retail outlets where the IT department's or business owner's intent is to monitor employee computer usage.
The issue is whether that stream is encrypted; if not, it is vulnerable to “skimming”, and the device itself can be hacked by someone else.
There are better ways to keep employees focused and bad stuff off your network, like firewall blocking of non-essential sites and an “Intranet” internal website to keep employees focused on work and not social media, news or shopping. With simple physical presence in the environment, an attacker can deploy a “Signal Owl” with no access to your network!
“Shark Jack” plugs directly into any network jack or network cable to deploy and do its dirty work.
There are even “weaponized mice” that can be purchased that are actually “spy” devices (a good reason to buy from a reputable computer manufacturer rather than an off-brand or used device).
This is a good reason to utilize a managed, monitored and maintained network via a reputable Cloud and Managed Services Provider such as South Bay Computer Solutions, which offers options to help keep your network safe from such devices and attacks.
These are just a handful of the devices available on the market to would-be, could-be hackers.
If you see these logos on a backpack, sticker or the like, you likely have a “HAKer” in your midst.
This article is to keep you aware of what might be lurking in or around your network and how to spot them. Keep an eye out for expanded articles on these “spy” devices and how you might thwart them.