Hackers of India

Hardware Attack Vectors

 Yashin Mehaboobe 

2014/02/14


Presentation Material

Abstract

Hardware security is not as well known as other fields in computer security. This is chiefly because there are usually more widely known and easier paths into a target organisation. It’s much easier to exploit a web application vulnerability or a wireless AP than to launch a hardware-based attack. Sometimes, however, in situations where other attacks are impractical or downright impossible, a hardware attack might succeed. This presentation will be about using such techniques to gain access to the target systems. Each attack vector will be described briefly and a demonstration will be provided for it.

HID Vector: Imagine if an attacker had physical access to your system. This is what an HID attack almost entirely emulates. HID stands for Human Interface Device. It’s a class of devices, like keyboards and mice, that allow a user to interact with the system. An HID attack utilizes devices such as the Teensy microcontroller, which can store a set of user inputs and then replay them when it is plugged into a system. This would allow an attacker to execute commands as if they were sitting in front of the system.

IR Vector: Infrared is a fairly widespread protocol. It’s used in TV systems and even in traffic lights. However, IR is one of those systems which was not built with security in mind. Unlike some radio keyfobs, IR systems do not employ any form of rolling codes, so recording the IR codes and retransmitting them is trivial. This session will handle the creation and use of a simple IR spoofer and discuss various issues with IR security.
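Why the missing rolling code matters, as an added example that is not part of the talk material: a fixed-code receiver accepts the same recorded frame every time, while a counter-based rolling-code receiver rejects a frame it has already seen. The HMAC-SHA256 construction, the key, the window size and all names here are assumptions for illustration, not the scheme of any real remote or keyfob.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: secret shared when remote and receiver are paired
WINDOW = 16                     # assumption: how far ahead of the last counter is tolerated

def rolling_code(key: bytes, counter: int, command: bytes) -> bytes:
    """Build a frame: 4-byte counter || command || 8-byte truncated HMAC."""
    ctr = counter.to_bytes(4, "big")
    tag = hmac.new(key, ctr + command, hashlib.sha256).digest()[:8]
    return ctr + command + tag

class FixedCodeReceiver:
    """Models an IR-style receiver: the same bytes always mean the same command."""
    def __init__(self, known_codes):
        self.known = set(known_codes)
    def accept(self, frame: bytes) -> bool:
        return frame in self.known

class RollingCodeReceiver:
    """Accepts a frame only if it authenticates and its counter moves forward."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) < 13:                   # 4 counter + >=1 command + 8 tag
            return False
        ctr, command, tag = frame[:4], frame[4:-8], frame[-8:]
        expected = hmac.new(self.key, ctr + command, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(ctr, "big")
        if not (self.last < counter <= self.last + WINDOW):
            return False                      # already used (replay) or too far ahead
        self.last = counter                   # this counter value can never be reused
        return True

def demo():
    code = b"\x01\x02\x03\x04"                # constructed fixed code, not a real device's
    fixed, rolling = FixedCodeReceiver([code]), RollingCodeReceiver(KEY)
    frame = rolling_code(KEY, 1, b"PWR")
    return {
        "fixed_first": fixed.accept(code),
        "fixed_replay": fixed.accept(code),          # a recorded copy still works
        "rolling_first": rolling.accept(frame),
        "rolling_replay": rolling.accept(frame),     # the same frame is now stale
        "rolling_next": rolling.accept(rolling_code(KEY, 2, b"PWR")),
    }

if __name__ == "__main__":
    print(demo())
```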

Radio: Radio technology is all around us. Instead of showing how to pwn wireless APs, this session will handle the usage of SDRs, or software defined radios. Specifically, the audience will be introduced to the RTL-SDR project (a very cheap SDR). They will also be shown how to sniff for wireless data and understand what type of transmission it is. Car keyfob transmissions will be shown as an example. RFCat (another SDR with TX) will also be covered.